
9 vulnerabilities by labvantage

CVE-2024-6370 (GCVE-0-2024-6370)

Vulnerability from cvelistv5 – Published: 2024-06-27 12:00 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS POST Request cross site scripting
Summary
A vulnerability classified as problematic was found in LabVantage LIMS 2017. It affects unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp in the POST Request Handler component. Manipulating the argument bulletinbody leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803. The CVSS vectors in the record below all require a low-privileged account (PR:L; Au:S in CVSS 2.0); the CVSS 3.x vectors also require user interaction (UI:R), while the 4.0 vector gives UI:N.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:lims:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lims",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6370",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T14:03:58.213291Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T14:04:04.459Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.322Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269803 | LabVantage LIMS POST Request cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269803"
          },
          {
            "name": "VDB-269803 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269803"
          },
          {
            "name": "Submit #359374 | LabVantage LIMS 2017 Basic Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.359374"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/HTML-Injection-in-Labvantage-LIMS-a229aae13fa14977a677921e7a442619?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file\u0026file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803."
        },
        {
          "lang": "de",
          "value": "In LabVantage LIMS 2017 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /labvantage/rc?command=file\u0026file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp der Komponente POST Request Handler. Mittels Manipulieren des Arguments bulletinbody mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T12:00:09.407Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269803 | LabVantage LIMS POST Request cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269803"
        },
        {
          "name": "VDB-269803 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269803"
        },
        {
          "name": "Submit #359374 | LabVantage LIMS 2017 Basic Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.359374"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/HTML-Injection-in-Labvantage-LIMS-a229aae13fa14977a677921e7a442619?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-27T07:13:07.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS POST Request cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6370",
    "datePublished": "2024-06-27T12:00:09.407Z",
    "dateReserved": "2024-06-27T05:07:57.748Z",
    "dateUpdated": "2024-08-01T21:33:05.322Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6369 (GCVE-0-2024-6369)

Vulnerability from cvelistv5 – Published: 2024-06-27 12:00 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS POST Request cross site scripting
Summary
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. It affects an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot in the POST Request Handler component. Manipulating the argument mode leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability. The CVSS vectors in the record below all require a low-privileged account (PR:L; Au:S in CVSS 2.0); the CVSS 3.x vectors also require user interaction (UI:R), while the 4.0 vector gives UI:N.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:lims:2017:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lims",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6369",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-29T19:51:10.349776Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T19:51:56.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.451Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269802 | LabVantage LIMS POST Request cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269802"
          },
          {
            "name": "VDB-269802 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269802"
          },
          {
            "name": "Submit #359373 | LabVantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.359373"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-960bf61d35124c858e3360785cfe40b3?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page\u0026sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability."
        },
        {
          "lang": "de",
          "value": "Es wurde eine problematische Schwachstelle in LabVantage LIMS 2017 entdeckt. Es geht dabei um eine nicht klar definierte Funktion der Datei /labvantage/rc?command=page\u0026sdcid=LV_ReagentLot der Komponente POST Request Handler. Mittels dem Manipulieren des Arguments mode mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T12:00:06.595Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269802 | LabVantage LIMS POST Request cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269802"
        },
        {
          "name": "VDB-269802 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269802"
        },
        {
          "name": "Submit #359373 | LabVantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.359373"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-960bf61d35124c858e3360785cfe40b3?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-27T07:13:05.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS POST Request cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6369",
    "datePublished": "2024-06-27T12:00:06.595Z",
    "dateReserved": "2024-06-27T05:07:55.067Z",
    "dateUpdated": "2024-08-01T21:33:05.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6368 (GCVE-0-2024-6368)

Vulnerability from cvelistv5 – Published: 2024-06-27 11:31 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS POST Request cross site scripting
Summary
A vulnerability was found in LabVantage LIMS 2017 and rated as problematic. It affects unknown processing of the file /labvantage/rc?command=page in the POST Request Handler component. Manipulating the argument param1 leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The CVSS vectors in the record below all require a low-privileged account (PR:L; Au:S in CVSS 2.0); the CVSS 3.x vectors also require user interaction (UI:R), while the 4.0 vector gives UI:N.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:labvantage:2017:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "labvantage",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6368",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-27T18:09:33.733343Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-27T18:10:02.703Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.425Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269801 | LabVantage LIMS POST Request cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269801"
          },
          {
            "name": "VDB-269801 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269801"
          },
          {
            "name": "Submit #359372 | LabVantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.359372"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-53b90219d193451aa81f28dea480d5f2?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in LabVantage LIMS 2017 ausgemacht. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /labvantage/rc?command=page der Komponente POST Request Handler. Durch Manipulation des Arguments param1 mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T11:31:06.731Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269801 | LabVantage LIMS POST Request cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269801"
        },
        {
          "name": "VDB-269801 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269801"
        },
        {
          "name": "Submit #359372 | LabVantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.359372"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-53b90219d193451aa81f28dea480d5f2?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-27T07:13:04.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS POST Request cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6368",
    "datePublished": "2024-06-27T11:31:06.731Z",
    "dateReserved": "2024-06-27T05:07:52.356Z",
    "dateUpdated": "2024-08-01T21:33:05.425Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6367 (GCVE-0-2024-6367)

Vulnerability from cvelistv5 – Published: 2024-06-27 11:31 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS POST Request cross site scripting
Summary
A vulnerability was found in LabVantage LIMS 2017 and declared as problematic. It affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp in the POST Request Handler component. Manipulating the argument sdcid/keyid1/keyid2/keyid3 leads to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The CVSS vectors in the record below all require a low-privileged account (PR:L; Au:S in CVSS 2.0); the CVSS 3.x vectors also require user interaction (UI:R), while the 4.0 vector gives UI:N.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:lims:2017:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lims",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6367",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T14:40:48.465768Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T20:02:54.775Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.387Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269800 | LabVantage LIMS POST Request cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269800"
          },
          {
            "name": "VDB-269800 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269800"
          },
          {
            "name": "Submit #359344 | LabVantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.359344"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-c9aa0641d1464816832bb8b98958626f?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file\u0026file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument sdcid/keyid1/keyid2/keyid3 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In LabVantage LIMS 2017 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /labvantage/rc?command=file\u0026file=WEB-CORE/elements/files/filesembedded.jsp der Komponente POST Request Handler. Durch die Manipulation des Arguments sdcid/keyid1/keyid2/keyid3 mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-27T11:31:04.154Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269800 | LabVantage LIMS POST Request cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269800"
        },
        {
          "name": "VDB-269800 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269800"
        },
        {
          "name": "Submit #359344 | LabVantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.359344"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-c9aa0641d1464816832bb8b98958626f?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-27T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-27T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-27T07:13:03.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS POST Request cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6367",
    "datePublished": "2024-06-27T11:31:04.154Z",
    "dateReserved": "2024-06-27T05:07:49.955Z",
    "dateUpdated": "2024-08-01T21:33:05.387Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6182 (GCVE-0-2024-6182)

Vulnerability from cvelistv5 – Published: 2024-06-20 11:00 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS cross site scripting
Summary
A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:labvantage:2017:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "labvantage",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6182",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T15:59:00.780107Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T16:00:38.759Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:04.898Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269153 | LabVantage LIMS cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269153"
          },
          {
            "name": "VDB-269153 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269153"
          },
          {
            "name": "Submit #354361 | LabVantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.354361"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-95e338b6f9ea45db9a6c635c3c1ff3b8"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page\u0026page=LV_ViewSampleSpec\u0026oosonly=Y\u0026_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Eine Schwachstelle wurde in LabVantage LIMS 2017 ausgemacht. Sie wurde als problematisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei /labvantage/rc?command=page\u0026page=LV_ViewSampleSpec\u0026oosonly=Y\u0026_sdialog=Y. Mittels dem Manipulieren des Arguments sdcid/keyid1 mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-20T11:00:07.345Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269153 | LabVantage LIMS cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269153"
        },
        {
          "name": "VDB-269153 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269153"
        },
        {
          "name": "Submit #354361 | LabVantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.354361"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-95e338b6f9ea45db9a6c635c3c1ff3b8"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-20T07:20:18.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6182",
    "datePublished": "2024-06-20T11:00:07.345Z",
    "dateReserved": "2024-06-20T05:15:00.615Z",
    "dateUpdated": "2024-08-01T21:33:04.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6181 (GCVE-0-2024-6181)

Vulnerability from cvelistv5 – Published: 2024-06-20 11:00 – Updated: 2024-08-01 21:33
Title
LabVantage LIMS cross site scripting
Summary
A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation of the argument height/width leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6181",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-20T13:39:17.206586Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-20T13:39:37.172Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:33:05.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-269152 | LabVantage LIMS cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.269152"
          },
          {
            "name": "VDB-269152 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.269152"
          },
          {
            "name": "Submit #353709 | LabVantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.353709"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-9531d77dce984d4da2ddcab863962e9c?pvs=4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file\u0026file=WEB-CORE/elements/files/filesembedded.jsp\u0026size=32. The manipulation of the argument height/width leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In LabVantage LIMS 2017 wurde eine Schwachstelle ausgemacht. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei /labvantage/rc?command=file\u0026file=WEB-CORE/elements/files/filesembedded.jsp\u0026size=32. Durch Manipulation des Arguments height/width mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-20T11:00:05.666Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-269152 | LabVantage LIMS cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.269152"
        },
        {
          "name": "VDB-269152 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.269152"
        },
        {
          "name": "Submit #353709 | LabVantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.353709"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-9531d77dce984d4da2ddcab863962e9c?pvs=4"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-20T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-20T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-20T07:20:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6181",
    "datePublished": "2024-06-20T11:00:05.666Z",
    "dateReserved": "2024-06-20T05:14:54.247Z",
    "dateUpdated": "2024-08-01T21:33:05.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6058 (GCVE-0-2024-6058)

Vulnerability from cvelistv5 – Published: 2024-06-17 18:00 – Updated: 2024-08-01 21:25
Title
LabVantage LIMS cross site scripting
Summary
A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CWE
  • CWE-79 - Cross Site Scripting
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6058",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-18T15:49:13.661841Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-18T15:49:19.125Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:25:03.367Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-268785 | LabVantage LIMS cross site scripting",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.268785"
          },
          {
            "name": "VDB-268785 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.268785"
          },
          {
            "name": "Submit #353198 | Labvantage LIMS 2017 Cross Site Scripting",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.353198"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-cc960e84650a4df58ecabe82338e0272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page\u0026page=SampleHistoricalList\u0026_iframename=list\u0026__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in LabVantage LIMS 2017 entdeckt. Sie wurde als problematisch eingestuft. Es betrifft eine unbekannte Funktion der Datei /labvantage/rc?command=page\u0026page=SampleHistoricalList\u0026_iframename=list\u0026__crc=crc_1701669816260. Dank der Manipulation des Arguments height/width mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-17T18:00:04.540Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-268785 | LabVantage LIMS cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.268785"
        },
        {
          "name": "VDB-268785 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.268785"
        },
        {
          "name": "Submit #353198 | Labvantage LIMS 2017 Cross Site Scripting",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.353198"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Reflected-XSS-in-Labvantage-LIMS-cc960e84650a4df58ecabe82338e0272"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-17T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-17T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-17T15:10:17.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-6058",
    "datePublished": "2024-06-17T18:00:04.540Z",
    "dateReserved": "2024-06-17T13:04:47.623Z",
    "dateUpdated": "2024-08-01T21:25:03.367Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-5771 (GCVE-0-2024-5771)

Vulnerability from cvelistv5 – Published: 2024-06-08 22:00 – Updated: 2024-08-01 21:18
Title
LabVantage LIMS POST Request sql injection
Summary
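A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. (Triage note: "critical" is the wording of the CNA description; the CVSS metrics in the same record rate the issue MEDIUM — 6.3 under CVSS 3.1 and 5.3 under CVSS 4.0 — with low privileges required (PR:L), while the CISA SSVC entry lists a public proof of concept and total technical impact.)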
CWE
  • CWE-89 - SQL Injection
Assigner
References
Impacted products
Vendor Product Version
LabVantage LIMS Affected: 2017
Credits
Farouk (VulDB User)

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:labvantage:lims:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "lims",
            "vendor": "labvantage",
            "versions": [
              {
                "status": "affected",
                "version": "2017"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-5771",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-19T15:28:34.134076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-19T15:29:54.355Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:18:07.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VDB-267454 | LabVantage LIMS POST Request sql injection",
            "tags": [
              "vdb-entry",
              "technical-description",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?id.267454"
          },
          {
            "name": "VDB-267454 | CTI Indicators (IOB, IOC, TTP, IOA)",
            "tags": [
              "signature",
              "permissions-required",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?ctiid.267454"
          },
          {
            "name": "Submit #347403 | Labvantage LIMS 2017 SQL Injection",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://vuldb.com/?submit.347403"
          },
          {
            "tags": [
              "exploit",
              "x_transferred"
            ],
            "url": "https://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "POST Request Handler"
          ],
          "product": "LIMS",
          "vendor": "LabVantage",
          "versions": [
            {
              "status": "affected",
              "version": "2017"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Farouk (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page\u0026page=SampleList\u0026_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
        },
        {
          "lang": "de",
          "value": "In LabVantage LIMS 2017 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /labvantage/rc?command=page\u0026page=SampleList\u0026_iframename=list der Komponente POST Request Handler. Dank der Manipulation des Arguments param1 mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 6.5,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-08T22:00:05.022Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-267454 | LabVantage LIMS POST Request sql injection",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.267454"
        },
        {
          "name": "VDB-267454 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.267454"
        },
        {
          "name": "Submit #347403 | Labvantage LIMS 2017 SQL Injection",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.347403"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://gentle-khaan-c53.notion.site/Labvantage-LIMS-3bb2137a29944e7e9efc906f23b42a4a"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-06-08T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2024-06-08T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2024-06-08T09:43:49.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "LabVantage LIMS POST Request sql injection"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2024-5771",
    "datePublished": "2024-06-08T22:00:05.022Z",
    "dateReserved": "2024-06-08T07:37:31.778Z",
    "dateUpdated": "2024-08-01T21:18:07.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-7959 (GCVE-0-2020-7959)

Vulnerability from cvelistv5 – Published: 2020-02-17 20:22 – Updated: 2024-08-04 09:48
Summary
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database' exception message if the database does not exist.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:24.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/websecnl/LabVantage8.3-Exploit"
          },
          {
            "name": "48090",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/48090"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an \u0027Unrecognized Database exception message if the database does not exist."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-17T20:22:36.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/websecnl/LabVantage8.3-Exploit"
        },
        {
          "name": "48090",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/48090"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-7959",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an \u0027Unrecognized Database exception message if the database does not exist."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/websecnl/LabVantage8.3-Exploit",
              "refsource": "MISC",
              "url": "https://github.com/websecnl/LabVantage8.3-Exploit"
            },
            {
              "name": "48090",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/48090"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-7959",
    "datePublished": "2020-02-17T20:22:36.000Z",
    "dateReserved": "2020-01-24T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:48:24.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}