CVE-2025-35029

Summary

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.

Affected Software

VendorProductVersion RangeStatus
Medical Informatics EngineeringEnterprise HealthRC202503 < RC202503 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202409 < RC202409 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202403 < RC202403 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202309 < RC202309 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202503 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202409 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202403 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202309 2025-04-08unaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References