Stored XSS permitting session takeover of arbitrary user_CVE-2025-30036

8.8 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

Basic Information

ID CVE-2025-30036

Source CERT-PL

Published Aug 27, 2025 at 10:19

Affected Product

Vendor CGM

Product CGM CLININET

Affected Versions CGM CGM CLININET 0

CWE Classification

CWE-79

References

cert.pl /en/posts/2025/08/CVE-2025-2313/

{
    "lastseen": "",
    "description": "Stored XSS vulnerability exists in the \"Oddzia\u0142\" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.",
    "published": "2025-08-27T10:19:41.153Z",
    "modified": "2025-08-27T10:19:41.153Z",
    "type": "cve",
    "title": "Stored XSS permitting session takeover of arbitrary user",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2025/08/CVE-2025-2313/",
    "id": "CVE-2025-30036",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "CGM CGM CLININET 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CGM CLININET",
    "version": "0",
    "vendor": "CGM",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}