Security for everyone

CVE-2023-24733 Scanner

Detects a cross-site scripting (XSS) vulnerability in PMB; affects v. 7.4.6.


Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 sec
Scan only one: URL
Toolbox: -

PMB, also known as PhpMyBibli, is a free and open-source integrated library system (ILS) used by libraries, archives, and documentation centers worldwide. It was primarily designed to manage library catalogs, track circulation and loan records, perform acquisitions and serial control management, and provide access to electronic resources. PMB also features a customizable interface, multilingual support, and interoperability with other library standards.

Recently, a security vulnerability was discovered in PMB version 7.4.6: a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. This vulnerability was assigned the identifier CVE-2023-24733. XSS is a common type of injection attack in which malicious scripts are injected into web pages viewed by other users. In the reflected form, the script arrives in the request itself and is echoed back in the response without proper output encoding.
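For defenders reviewing web server logs, the following added example (not part of the original page or of PMB's code) flags requests to the affected page whose `query` parameter carries markup. It assumes the parameter is sent as a GET parameter and that the server writes common/combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter name as given in the vulnerability description above.
VULN_PATH = "/admin/convert/export_z3950_new.php"
PARAM = "query"
# Assumption: common/combined-format access log lines.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Tag brackets, script URLs and inline event handlers. Quotes alone are not
# flagged: catalogue searches legitimately contain apostrophes.
MARKUP_RE = re.compile(r"[<>]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_value) for hits on the affected page whose
    `query` parameter carries markup. POST bodies are not in access logs."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        try:
            url = urlsplit(m.group("target"))
        except ValueError:  # malformed request target
            continue
        if not url.path.lower().endswith(VULN_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Mar/2023:10:00:00 +0000] "GET /pmb/admin/convert/export_z3950_new.php?query=l%27%C3%A9tranger HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Mar/2023:10:01:00 +0000] "GET /pmb/admin/convert/export_z3950_new.php?query=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.5 - - [01/Mar/2023:10:02:00 +0000] "GET /pmb/admin/convert/export_z3950_new.php?query=%253Cb%253Ex%253C%252Fb%253E HTTP/1.1" 200 5290',
    '192.0.2.44 - - [01/Mar/2023:10:03:00 +0000] "GET /pmb/index.php?query=%3Cb%3E HTTP/1.1" 200 812',
]
```

A hit means a request carried markup to the affected page, not that the response rendered it; confirm against the installed PMB version.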

Exploitation of this vulnerability could have potentially disastrous consequences for libraries, archives, and documentation centers that use PMB. The impact of an XSS attack can range from defacing the library's website, stealing users' login credentials, and accessing sensitive information to running attacker-controlled script in the user's browser session. Effectively, attackers could gain unauthorized access to digital assets, putting library collections and user privacy at risk.

At Security for Everyone, we offer a comprehensive solution to help organizations protect their digital assets from vulnerabilities similar to the one discovered in PMB. Our pro features include automated and continuous vulnerability scanning, intelligent vulnerability prioritization, and actionable remediation advice to help you minimize risks. Sign up today to learn more about how we can help you secure your library collection and keep your users' privacy intact.

 
