Lucene search
GoogleOSV:CVE-2024-25737HistoryMay 22, 2024 - 7:15 p.m.
CVE-2024-25737
2024-05-2219:15:08
Google
osv.dev
4
ssrf
open library foundation vufind
cross-site scripting
proxying urls
vulnerability
AI Score
6.3
Confidence
High
A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.
Related
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-05-27 07:16:27
cvelist
cvelist
CVE-2024-25737
1976-01-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-25737
1976-01-01 00:00:00
osv
osv
VuFind Server-Side Request Forgery (SSRF) vulnerability
2024-05-22 21:30:34
github
github
VuFind Server-Side Request Forgery (SSRF) vulnerability
2024-05-22 21:30:34
nvd
nvd
CVE-2024-25737
2024-05-22 19:15:08
cve
cve
CVE-2024-25737
2024-05-22 19:15:08