Medical Informatics Engineering Enterprise Health reflected cross site scripting via...

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Description

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.

Basic Information

ID CVE-2025-35034

Source cisa-cg

Published Sep 29, 2025 at 20:01

Affected Product

Vendor Medical Informatics Engineering

Product Enterprise Health

Version RC202503

Affected Versions Medical Informatics Engineering Enterprise Health RC202503
Medical Informatics Engineering Enterprise Health RC202409
Medical Informatics Engineering Enterprise Health RC202403
Medical Informatics Engineering Enterprise Health RC202309

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.",
    "published": "2025-09-29T20:01:58.419Z",
    "modified": "2025-09-29T20:01:58.419Z",
    "type": "cve",
    "title": "Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35034",
    "id": "CVE-2025-35034",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Medical Informatics Engineering Enterprise Health RC202503\nMedical Informatics Engineering Enterprise Health RC202409\nMedical Informatics Engineering Enterprise Health RC202403\nMedical Informatics Engineering Enterprise Health RC202309",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Health",
    "version": "RC202503",
    "vendor": "Medical Informatics Engineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id_CVE-2025-35034