Lucene search
+L

38 matches found

cvelist
cvelist
added 2025/11/20 7:34 p.m.11 views

CVE-2025-35029 Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of...

4.8CVSS0.00179EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/11/20 7:34 p.m.4 views

CVE-2025-35029 Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of...

4.8CVSS5.7AI score0.00179EPSS
Exploits0References2
cve
cve
added 2025/11/20 7:34 p.m.12 views

CVE-2025-35029

CVE-2025-35029 affects Medical Informatics Engineering Enterprise Health with a stored cross-site scripting vulnerability on the Demographic Information page. An authenticated attacker can inject arbitrary content that is rendered and executed when a victim accesses it. The issue is fixed as of 2...

5.4CVSS5.7AI score0.00179EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2025/11/20 12:0 a.m.8 views

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from a stored cross-site scripting attack that could lead to the execution of...

5.4CVSS6.2AI score0.00179EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.9 views

PT-2025-47627

Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description An authenticated attacker can inject arbitrary content into the 'Demographic Information' page, leading to the execution of malicious code when a...

5.4CVSS6.2AI score0.00179EPSS
Exploits0References7
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31617

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.00184EPSS
Exploits0References3
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-31615

Malicious code in bioql PyPI...

6.2CVSS6.6AI score0.00236EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/09/30 8:56 p.m.9 views

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

4.6CVSS6.7AI score0.00133EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/30 8:56 p.m.14 views

CVE-2025-35032

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...

6.2CVSS6.9AI score0.00236EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/30 8:56 p.m.11 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

6.3CVSS7.1AI score0.00222EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/09/30 8:56 p.m.11 views

CVE-2025-35030

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...

8.6CVSS6.6AI score0.00184EPSS
Exploits0References1
nvd
nvd
added 2025/09/29 8:15 p.m.8 views

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

5.5CVSS0.00133EPSS
Exploits0References2
nvd
nvd
added 2025/09/29 8:15 p.m.8 views

CVE-2025-35030

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...

8.8CVSS0.00184EPSS
Exploits0References2
osv
osv
added 2025/09/29 8:15 p.m.5 views

CVE-2025-35030

Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...

8.8CVSS5.3AI score0.00184EPSS
Exploits0References2
nvd
nvd
added 2025/09/29 8:15 p.m.5 views

CVE-2025-35032

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...

9.9CVSS0.00236EPSS
Exploits0References2
osv
osv
added 2025/09/29 8:15 p.m.5 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References2
nvd
nvd
added 2025/09/29 8:15 p.m.7 views

CVE-2025-35033

Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...

6.3CVSS0.00222EPSS
Exploits0References2
osv
osv
added 2025/09/29 8:15 p.m.6 views

CVE-2025-35031

Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...

5.5CVSS5.8AI score0.00133EPSS
Exploits0References2
osv
osv
added 2025/09/29 8:15 p.m.6 views

CVE-2025-35032

Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...

9.9CVSS5.9AI score0.00236EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/09/29 8:1 p.m.4 views

CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...

5.1CVSS6.4AI score0.0024EPSS
Exploits0References2
Rows per page
Query Builder