CVE-2025-65233

Name of the Vulnerable Software and Affected Versions SLiMS (slims9 bulian) versions prior to 9.6.0

Description The software contains a reflected cross-site scripting (XSS) issue due to improper handling of the $ SERVER['PHP SELF'] variable in the index.php/sysconfig.inc.php file. This allows a remote attacker to execute arbitrary JavaScript code in a victim’s browser by supplying a specially crafted URL path.

Recommendations Update to version 9.6.0 or later.