CVE-2025-35034

Summary

Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.

Affected Software

VendorProductVersion RangeStatus
Medical Informatics EngineeringEnterprise HealthRC202503 < RC202503 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202409 < RC202409 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202403 < RC202403 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202309 < RC202309 2025-04-08affected
Medical Informatics EngineeringEnterprise HealthRC202503 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202409 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202403 2025-04-08unaffected
Medical Informatics EngineeringEnterprise HealthRC202309 2025-04-08unaffected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References