38 matches found
CVE-2025-35029 Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of...
CVE-2025-35029 Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of...
CVE-2025-35029
CVE-2025-35029 affects Medical Informatics Engineering Enterprise Health with a stored cross-site scripting vulnerability on the Demographic Information page. An authenticated attacker can inject arbitrary content that is rendered and executed when a victim accesses it. The issue is fixed as of 2...
Medical Informatics Engineering Enterprise Health 安全漏洞
Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from a stored cross-site scripting attack that could lead to the execution of...
PT-2025-47627
Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description An authenticated attacker can inject arbitrary content into the 'Demographic Information' page, leading to the execution of malicious code when a...
EUVD-2025-31617
Malicious code in bioql PyPI...
EUVD-2025-31615
Malicious code in bioql PyPI...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35030
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35030
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...
CVE-2025-35030
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...
CVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35031
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. An attacker could convince a user to send this output to the attacker, thus allowing the attacker to impersonate that user. This issue is fixed as of 2025-04-08...
CVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...
CVE-2025-35034 Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portletuserid' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14...