CVE-2024-6182

Name of the Vulnerable Software and Affected Versions LabVantage LIMS version 2017

Description The issue is related to the lack of protection of the web page structure in the LabVantage LIMS laboratory information system. This can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack through the sdcid/keyid1 parameters in the /labvantage/rc?command=page&page=LV ViewSampleSpec&oosonly=Y& sdialog=Y file. The attack may be initiated remotely.

Recommendations For LabVantage LIMS version 2017, consider disabling access to the /labvantage/rc file or restricting the use of the sdcid/keyid1 parameters until a patch is available. Avoid using the sdcid/keyid1 parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.