N/A

A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter.

N/A

N/A

Open Library Foundation VuFind 安全漏洞

Open Library Foundation VuFind是Open Library Foundation基金会的一个开源的图书馆资源发现（Discovery）系统。 Open Library Foundation VuFind 2.4版本至9.1.1之前版本存在安全漏洞，该漏洞源于存在服务器端请求伪造(SSRF)漏洞，允许远程攻击者访问内部HTTP服务器并执行跨站脚本(XSS)攻击。

N/A

N/A