CVE-2024-25737

Published: May 22, 2024

Modified: Feb 13, 2025

PUBLISHED

Description

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/vufind-org/vufind/commit/345d00f7d7f1c581f46742effdac70e803b3847b

https://github.com/vufind-org/vufind/commit/51f2ddac0dc1047e6fd3b27e6d984b19e1601d00

https://vufind.org/wiki/security:cve-2024-25737

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-25737

Description

Affected Products

References