CVE-2023-24086

Name of the Vulnerable Software and Affected Versions SLIMS version 9.5.2

Description The issue is a reflected cross-site scripting (XSS) vulnerability. It occurs via the component "/customs/loan by class.php?reportView". This type of vulnerability allows an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions.

Recommendations For SLIMS version 9.5.2, consider disabling access to the "/customs/loan by class.php?reportView" component until a patch is available to prevent exploitation of the reflected XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.