CVE-2025-35034

Medium CVSS: 5.1

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.

Vendor

Mieweb

Product

Enterprise Health

CWE

CWE-79

Yayın Tarihi

2025-09-29 20:15:33

Güncelleme

2026-01-02 20:32:33

Source Identifier

9119a7d8-5eab-497f-8521-727c672e3725

KEV Date Added

Kategoriler

CWE-79 Enterprise Health MEDIUM Mieweb 2025

Referanslar

https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-272-01.json https://www.cve.org/CVERecord?id=CVE-2025-35034

Benzer Kayıtlar

Medium

CVE-2025-35029

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authent…

High

CVE-2025-35030

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthen…

Medium

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker…

Medium

CVE-2025-35032

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of th…

Medium

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated…