Medical Informatics Engineering Enterprise Health stored cross site scripting via...

3.5 / 10

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Description

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.

Basic Information

ID CVE-2025-35029

Source cisa-cg

Published Nov 20, 2025 at 19:34

Affected Product

Vendor Medical Informatics Engineering

Product Enterprise Health

Version RC202503

Affected Versions Medical Informatics Engineering Enterprise Health RC202503
Medical Informatics Engineering Enterprise Health RC202409
Medical Informatics Engineering Enterprise Health RC202403
Medical Informatics Engineering Enterprise Health RC202309

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.",
    "published": "2025-11-20T19:34:31.465Z",
    "modified": "2025-11-20T19:34:31.465Z",
    "type": "cve",
    "title": "Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page",
    "source": "cisa-cg",
    "references": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json\nhttps://www.cve.org/CVERecord?id=CVE-2025-35029",
    "id": "CVE-2025-35029",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Medical Informatics Engineering Enterprise Health RC202503\nMedical Informatics Engineering Enterprise Health RC202409\nMedical Informatics Engineering Enterprise Health RC202403\nMedical Informatics Engineering Enterprise Health RC202309",
    "sourceHref": "",
    "cvss": {
        "score": 3.5,
        "severity": "LOW",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Enterprise Health",
    "version": "RC202503",
    "vendor": "Medical Informatics Engineering",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page_CVE-2025-35029