CVE-2025-35034
Published: Sep 29, 2025
Modified: Sep 30, 2025
CVSS v3.1
4.3
Description
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
| Vendor | Product | Versions |
|---|---|---|
Medical Informatics Engineering | Enterprise Health | affected RC202503 - < RC202503 2025-04-08affected RC202409 - < RC202409 2025-04-08affected RC202403 - < RC202403 2025-04-08affected RC202309 - < RC202309 2025-04-08unaffected RC202503 2025-04-08+3 more versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now