The flaws are serious as they allow an attacker to retrieve user credentials once a user clicks a malicious link. LabKey Server version 18.3.0-61806.763, released on January 16, patches all three issues, so users should update as soon as possible. Public health organizations, medical research centers, and universities around the globe use LabKey solutions. The flaws exist in LabKey server Community Edition 18.2-60106.64, which allows a remote unauthenticated attacker to run arbitrary code through their browser.
Source: https://threatpost.com/labkey-vulnerabilities-medical-research/141200/