Unrated severityOSV Advisory· Published Dec 17, 2025· Updated Dec 17, 2025
CVE-2025-65233
CVE-2025-65233
Description
Reflected cross-site scripting (XSS) in SLiMS (slims9_bulian) before 9.6.0 via improper handling of $_SERVER['PHP_SELF' ] in index.php/sysconfig.inc.php, which allows remote attackers to execute arbitrary JavaScript in a victim's browser by supplying a crafted URL path.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2v9.0.0, v9.1.0, v9.1.1, …+ 1 more
- (no CPE)range: v9.0.0, v9.1.0, v9.1.1, …
- (no CPE)range: <9.6.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.