PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
View the template here CVE-2023-24735.yaml
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-24735