Hbtw25

**Name of the Vulnerable Software and Affected Versions** SLiMS (slims9 bulian) versions prior to 9.6.0 **Description** The software contains a reflected cross-site scripting (XSS) issue due to improper handling of the `$ SERVER['PHP SELF']` variable in the `index.php/sysconfig.inc.php` file. This allows a remote attacker to execute arbitrary JavaScript code in a victim’s browser by supplying a specially crafted URL path. **Recommendations** Update to version 9.6.0 or later.