CVE-2023-24737
PMB v7.4.6 contains a reflected XSS via the query parameter on /admin/convert/export_z3950.php (export_z3950.php). The issue, documented across sources (NVD/Nuclei), is caused by insufficient input sanitization of the query parameter, enabling injected scripts to run in users’ browsers. Impact pe...