PT-2024-37574 · Labvantage · Labvantage Lims
Farouk · Published 2024-06-27 · Updated 2024-09-17 · CVE-2024-6370
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
LabVantage LIMS version 2017
Description
A vulnerability was found in the file
/labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. Manipulation of the bulletinbody argument leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Recommendations
For LabVantage LIMS version 2017, consider restricting access to the
/labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp endpoint until a patch is available. As a temporary workaround, avoid using the bulletinbody argument in the affected POST Request Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
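To support the interim recommendation of restricting and monitoring access to that endpoint, the following is an added Python example, not code from the advisory or from LabVantage, that flags POST requests to the vulnerable handler in web-server access logs. The Apache/Tomcat combined log format, the field positions and the sample log lines are assumptions constructed for the example.

```python
"""Flag POSTs to the LabVantage sendbulletin.jsp handler in access logs.
Added example, not part of the advisory. Assumes Apache/Tomcat combined log
format with the query string in the request line and the authenticated
account in the remote-user field; the sample log lines are constructed."""
import re
from urllib.parse import parse_qs, urlsplit

# Endpoint named in the advisory: the vulnerable JSP is reached through the
# /labvantage/rc dispatcher via command=file&file=<path>.
VULN_PATH = "/labvantage/rc"
VULN_FILE = "WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_sendbulletin_request(method, target):
    """True when the request line addresses the vulnerable POST handler.
    Parsing the query (not substring matching) tolerates parameter
    reordering and avoids hits on unrelated file= values."""
    parts = urlsplit(target)
    if method != "POST" or parts.path != VULN_PATH:
        return False
    q = parse_qs(parts.query)
    return q.get("command") == ["file"] and q.get("file") == [VULN_FILE]

def flag_lines(lines):
    """Return (timestamp, user, ip) per matching line; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_sendbulletin_request(m["method"], m["target"]):
            hits.append((m["ts"], m["user"], m["ip"]))
    return hits

# Constructed sample: a routine page request, a GET of the bulletin page
# (not flagged), two POSTs to the handler, and one malformed line.
SAMPLE_LOG = [
    '10.0.0.5 - alice [27/Jun/2024:10:00:01 +0000] "GET /labvantage/rc?command=page&page=home HTTP/1.1" 200 5120',
    '10.0.0.7 - bob [27/Jun/2024:10:02:13 +0000] "POST /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp HTTP/1.1" 200 412',
    '10.0.0.5 - alice [27/Jun/2024:10:03:44 +0000] "GET /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp HTTP/1.1" 200 2048',
    '10.0.0.7 - bob [27/Jun/2024:10:05:09 +0000] "POST /labvantage/rc?file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp&command=file HTTP/1.1" 200 415',
    'malformed line that does not parse',
]

if __name__ == "__main__":
    for ts, user, ip in flag_lines(SAMPLE_LOG):
        print(f"{ts} {user}@{ip} posted to sendbulletin.jsp")
```

Feeding the real access log to `flag_lines` gives the accounts and source addresses that exercised the handler, which is the audit trail needed while the endpoint is restricted.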
Weakness Enumeration
XSS
Affected Products
Labvantage Lims