VYPR
Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 17, 2025

CVE-2025-65233

CVE-2025-65233

Description

Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Slims/Slims9 BulianOSV2 versions
    v9.0.0, v9.1.0, v9.1.1, …+ 1 more
    • (no CPE)range: v9.0.0, v9.1.0, v9.1.1, …
    • (no CPE)range: <9.6.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.