Back

CVE-2024-6370

June 27, 2024, 12:47 p.m.

Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

Products

LabVantage LIMS

  • 2017

Source

cna@vuldb.com

Tags

CWE-79
cna@vuldb.com
2024-06-27
CVE-2024-6370

CVE-2024-6370 details

Published : June 27, 2024, 12:15 p.m.
Last Modified : June 27, 2024, 12:47 p.m.

Description

A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.

CVSS Score

1 2 3.5 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

Base Score

3.5

Exploitability Score

2.1

Impact Score

1.4

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

References

URL Source
https://gentle-khaan-c53.notion.site/HTML-Injection-in-Labvantage-LIMS-a229aae13fa14977a677921e7a442619?pvs=4 cna@vuldb.com
https://vuldb.com/?ctiid.269803 cna@vuldb.com
https://vuldb.com/?id.269803 cna@vuldb.com
https://vuldb.com/?submit.359374 cna@vuldb.com
This website uses the NVD API, but is not approved or certified by it.