Vulnerability Details CVE-2025-65233
Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF'] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 6.1
Products affected by CVE-2025-65233
- cpe:2.3:a:slims_project:slims:3
- cpe:2.3:a:slims_project:slims:5
- cpe:2.3:a:slims_project:slims:7
- cpe:2.3:a:slims_project:slims:8
- cpe:2.3:a:slims_project:slims:8.1
- cpe:2.3:a:slims_project:slims:8.2
- cpe:2.3:a:slims_project:slims:8.3
- cpe:2.3:a:slims_project:slims:8.3.1
- cpe:2.3:a:slims_project:slims:9
- cpe:2.3:a:slims_project:slims:9.5.2