Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
veracodeVeracode Vulnerability DatabaseVERACODE:47190
HistoryMay 27, 2024 - 7:16 a.m.

Server-Side Request Forgery (SSRF)

2024-05-2707:16:27
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
server-side request forgery
input validation
cover/show route
remote attackers
cross-site scripting
proxying
arbitrary urls
http servers

AI Score

6.4

Confidence

High

JSON

vufind/vufind is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to improper input validation in the /Cover/Show route, allowing remote attackers to access internal HTTP servers and execute Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

Related

osv 2
cvelist 1
vulnrichment 1
github 1
nvd 1
cve 1
osv
osv
CVE-2024-25737
2024-05-22 19:15:08
VuFind Server-Side Request Forgery (SSRF) vulnerability
2024-05-22 21:30:34
cvelist
cvelist
CVE-2024-25737
1976-01-01 00:00:00
vulnrichment
vulnrichment
CVE-2024-25737
1976-01-01 00:00:00
github
github
VuFind Server-Side Request Forgery (SSRF) vulnerability
2024-05-22 21:30:34
nvd
nvd
CVE-2024-25737
2024-05-22 19:15:08
cve
cve
CVE-2024-25737
2024-05-22 19:15:08

AI Score

6.4

Confidence

High

JSON
Related for VERACODE:47190
osv2cvelist1vulnrichment1github1nvd1cve1