CVE-2024-6370 MEDIUM

CVE-2024-6370: LabVantage LIMS POST Request cross site scripting

Vendor Labvantage

Product LIMS

Weakness CWE-79 · XSS

Published June 27, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.

Key dates

02Disclosure timeline

June 27, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-6370 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-26878 WordPress Autoship Cloud for WooCommerce Subscription Products plugin <= 2.8.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2026-44737 grav-plugin-admin: Stored Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][title] CVE-2021-46681 Vulnerability XSS in module mass operation name field CVE-2024-2752 Where Did You Hear About Us Checkout Field for WooCommerce <= 1.3.1 - Authenticated (Shop Manager+) Stored Cross-Site Scripting CVE-2024-6252 Zorlan SkyCaiji Task cross site scripting