CVE-2025-65233 | SLiMS up to 9.5.x URL sysconfig.inc.php $_SERVER[‘PHP_SELF’] cross site scripting (Issue 185)

A vulnerability, which was classified as problematic, was found in SLiMS up to 9.5.x. This vulnerability affects unknown code of the file index.php/sysconfig.inc.php of the component URL Handler. Such manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is referenced as CVE-2025-65233. It is possible to launch the attack remotely. No exploit is available.

You should upgrade the affected component.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.VulDB Recent EntriesRead More