2 matches found
Server-Side Request Forgery (SSRF)
vufind/vufind is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper input validation in the /Cover/Show route, allowing remote attackers to access internal HTTP servers and execute Cross-Site Scripting XSS attacks by proxying arbitrary URLs via the proxy GET...
GHSA-FWHC-MM9Q-MQQ8 VuFind Server-Side Request Forgery (SSRF) vulnerability
A Server-Side Request Forgery SSRF vulnerability in the /Cover/Show route showAction in CoverController.php in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting XSS attacks by proxying arbitrary URL...