9 matches found
PT-2025-47627
Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description An authenticated attacker can inject arbitrary content into the 'Demographic Information' page, leading to the execution of malicious code when a...
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35030
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...
CVE-2025-35032
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. The impact of this behavior depends on how files are accessed. This issue is fixed as of 2025-04-08...
CVE-2025-35030
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...
CVE-2025-35033
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35033
CVE-2025-35033 concerns Medical Informatics Engineering Enterprise Health. Affected: the platform's CSV export/download feature allowing a remote, authenticated attacker to inject macros into downloadable CSV files (CSV injection). Root cause details are not expanded in the provided documents bey...
CVE-2025-35033 Medical Informatics Engineering Enterprise Health CSV injection
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. This issue is fixed as of 2025-03-14...
CVE-2025-35030 Medical Informatics Engineering Enterprise Health cross site request forgery
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and perform actions on behalf of that administrative user. This issue is fixed as of 2025-04-08...