Labvantage Labvantage

  1. Vendors
  2. Labvantage

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Labvantage product.

RSS Feeds for Labvantage security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Labvantage products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Labvantage Sorted by Most Security Vulnerabilities since 2018

Labvantage Laboratory Information Management System5 vulnerabilities

Labvantage Lims2 vulnerabilities

Labvantage1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Labvantage. Labvantage did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 7 5.50
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 1 0.00

It may take a day or so for new Labvantage vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Labvantage Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2024-6370 Jun 27, 2024
LabVantage LIMS 2017 XSS via bulletinbody in sendbulletin.jsp A vulnerability classified as problematic was found in LabVantage LIMS 2017. Affected by this vulnerability is an unknown functionality of the file /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp of the component POST Request Handler. The manipulation of the argument bulletinbody leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269803.
Laboratory Information Management System
CVE-2024-6369 Jun 27, 2024
LabVantage LIMS 2017 XSS via POST /labvantage/rc A vulnerability classified as problematic has been found in LabVantage LIMS 2017. Affected is an unknown function of the file /labvantage/rc?command=page&sdcid=LV_ReagentLot of the component POST Request Handler. The manipulation of the argument mode leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269802 is the identifier assigned to this vulnerability.
Laboratory Information Management System
CVE-2024-6368 Jun 27, 2024
XSS via POST in LabVantage LIMS 2017 A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page of the component POST Request Handler. The manipulation of the argument param1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269801 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Laboratory Information Management System
CVE-2024-6367 Jun 27, 2024
LabVantage LIMS 2017 POST Handler XSS via File Parameter A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp of the component POST Request Handler. The manipulation of the argument sdcid/keyid1/keyid2/keyid3 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269800. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Laboratory Information Management System
CVE-2024-6182 Jun 20, 2024
LabVantage LIMS XSS via sdcid/keyid1 Argument A vulnerability was found in LabVantage LIMS 2017. It has been rated as problematic. This issue affects some unknown processing of the file /labvantage/rc?command=page&page=LV_ViewSampleSpec&oosonly=Y&_sdialog=Y. The manipulation of the argument sdcid/keyid1 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269153 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Labvantage Lims
CVE-2024-6181 Jun 20, 2024
LabVantage LIMS 2017 Remote XSS via FilesEmbedded.jsp A vulnerability was found in LabVantage LIMS 2017. It has been declared as problematic. This vulnerability affects unknown code of the file /labvantage/rc?command=file&file=WEB-CORE/elements/files/filesembedded.jsp&size=32. The manipulation of the argument height/width leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269152. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Labvantage Lims
CVE-2024-6058 Jun 17, 2024
LabVantage LIMS 2017 XSS via height/width (CVE-2024-6058) A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268785 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Laboratory Information Management System
CVE-2020-7959 Feb 17, 2020
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
Labvantage
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.