CVE-2025-65233: n/a
CVE-2025-65233 is a reflected cross-site scripting (XSS) vulnerability in SLiMS (slims9_bulian) versions before 9.6.0. It arises from improper handling of the PHP_SELF server variable in the index.php/sysconfig.inc.php file, allowing attackers to craft malicious URLs that execute arbitrary JavaScript in victims' browsers. The vulnerability requires no privileges but does require user interaction to trigger. It impacts confidentiality and integrity by enabling theft of session tokens or manipulation of displayed content. The CVSS score is 6.
AI Analysis
Technical Summary
CVE-2025-65233 is a reflected cross-site scripting (XSS) vulnerability identified in the SLiMS (Senayan Library Management System) software, specifically in the slims9_bulian branch prior to version 9.6.0. The root cause is improper sanitization and handling of the $_SERVER['PHP_SELF'] variable within the index.php/sysconfig.inc.php file. This variable reflects the URL path used to access the application, and when not properly escaped, it can be manipulated by an attacker to inject malicious JavaScript code. When a victim accesses a crafted URL containing the malicious payload, the injected script executes in their browser context. This can lead to theft of cookies, session tokens, or other sensitive information, as well as unauthorized actions performed on behalf of the user. The vulnerability is exploitable remotely without authentication (AV:N/PR:N), but requires user interaction (UI:R) to trigger the malicious script execution. The scope is changed (S:C) because the vulnerability affects resources beyond the vulnerable component by impacting user sessions and data confidentiality. The CVSS 3.1 base score is 6.1, indicating a medium severity level. No public exploits or widespread attacks have been reported yet, but the vulnerability poses a significant risk to users of SLiMS, especially in environments where the software is used to manage library resources and user accounts.
Potential Impact
For European organizations, particularly academic institutions, public libraries, and research centers that deploy SLiMS for managing digital and physical library assets, this vulnerability can lead to compromised user accounts and unauthorized access to sensitive information. Attackers can exploit the XSS flaw to steal session cookies, enabling impersonation of legitimate users, or to conduct phishing attacks by injecting malicious scripts that alter the displayed content. This undermines user trust and can result in data leakage or manipulation of library records. Since SLiMS is often used in multi-user environments with sensitive patron data, the confidentiality and integrity of user information are at risk. The reflected XSS does not directly impact availability but can facilitate further attacks that may disrupt services. The medium severity score reflects the balance between ease of exploitation and the requirement for user interaction. Organizations failing to address this vulnerability may face reputational damage and potential regulatory scrutiny under GDPR if personal data is compromised.
Mitigation Recommendations
Organizations should upgrade SLiMS installations to version 9.6.0 or later where this vulnerability is patched. If immediate upgrading is not feasible, implement input validation and output encoding on the $_SERVER['PHP_SELF'] variable to neutralize malicious scripts. Employ Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts in browsers. Additionally, educate users about the risks of clicking on suspicious links and implement web application firewalls (WAFs) that can detect and block reflected XSS payloads targeting SLiMS endpoints. Regularly audit and monitor web server logs for unusual URL patterns that may indicate exploitation attempts. Finally, ensure session management is robust, with secure, HttpOnly cookies to reduce the impact of stolen session tokens.
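The output-encoding mitigation above, shown as an added example that is not SLiMS code: a hypothetical template helper that reflects $_SERVER['PHP_SELF'] into a form attribute unescaped, beside two hardened variants (escaping for the attribute context, and using SCRIPT_NAME, which does not carry the user-controlled PATH_INFO suffix). The request array is constructed for illustration.

```php
<?php
// Added example, not SLiMS code. Under typical Apache/PHP configurations
// PHP_SELF is SCRIPT_NAME followed by PATH_INFO, so a request for
// /index.php/<trailing text> places that trailing text in PHP_SELF.

declare(strict_types=1);

// Unsafe: reflects the raw request path into an HTML attribute. A quote in
// PATH_INFO terminates the attribute and the rest of the path becomes markup.
function unsafeFormTag(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened: encode for the attribute context. ENT_QUOTES covers both quote
// characters, ENT_SUBSTITUTE avoids returning an empty string on bad UTF-8,
// and the charset is stated so the encoder does not guess.
function escapedFormTag(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Hardened further: SCRIPT_NAME never includes PATH_INFO, so the trailing
// user-controlled segment is not reflected at all. It is still encoded,
// since correct output encoding should not depend on the source of a value.
function scriptNameFormTag(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Constructed request: PATH_INFO carries a quote and angle brackets, the
// characters that let reflected text escape an attribute.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PATH_INFO'   => '/"><b>x</b>',
    'PHP_SELF'    => '/index.php/"><b>x</b>',
];

echo unsafeFormTag($server), "\n";      // attribute broken by the reflected quote
echo escapedFormTag($server), "\n";     // quote and brackets arrive as entities
echo scriptNameFormTag($server), "\n";  // trailing segment not reflected
```

Run with `php example.php` and compare the three lines; only the first contains a literal `"` or `<` from the request path.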
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 694309ba0b6f32e62bf653df
Added to database: 12/17/2025, 7:51:22 PM
Last enriched: 12/24/2025, 8:46:21 PM
Last updated: 2/8/2026, 1:58:04 AM