CVE-2023-37177

SQL Injection vulnerability in PMB Services PMB v.7.4.7 and before allows a remote unauthenticated attacker to execute arbitrary code via the query parameter in the /admin/convert/exportz3950.php endpoint...

CVE-2023-24737

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950.php...

Cross site scripting

PMB v7.4.6 was discovered to contain a reflected cross-site scripting XSS vulnerability via the query parameter at /admin/convert/exportz3950.php...

CVE-2023-24737

PMB v7.4.6 contains a reflected XSS via the query parameter on /admin/convert/export_z3950.php (export_z3950.php). The issue, documented across sources (NVD/Nuclei), is caused by insufficient input sanitization of the query parameter, enabling injected scripts to run in users’ browsers. Impact pe...