CVE-2024-6181

Name of the Vulnerable Software and Affected Versions LabVantage LIMS version 2017

Description A vulnerability in LabVantage LIMS allows for cross-site scripting (XSS) attacks. The issue is related to the manipulation of the height and width arguments in the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. This can be exploited remotely. The vendor was contacted about this issue but did not respond.

Recommendations For LabVantage LIMS version 2017, as a temporary workaround, consider restricting access to the /labvantage/rc API endpoint or disabling the manipulation of the height and width parameters in the file filesembedded.jsp until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.