CVE-2024-6058

Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017

Description: A problematic vulnerability has been found in LabVantage LIMS, affecting an unknown part of the file "/labvantage/rc?command=page&page=SampleHistoricalList& iframename=list& crc=crc 1701669816260". The manipulation of the height and width arguments leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations: For LabVantage LIMS version 2017, as a temporary workaround, consider restricting access to the affected file "/labvantage/rc?command=page&page=SampleHistoricalList& iframename=list& crc=crc 1701669816260" to minimize the risk of exploitation. Avoid using the height and width arguments in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.