Vulnerability Details CVE-2025-35034
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.2%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2025-35034
-
cpe:2.3:a:mieweb:enterprise_health:rc202309
-
cpe:2.3:a:mieweb:enterprise_health:rc202403
-
cpe:2.3:a:mieweb:enterprise_health:rc202409
-
cpe:2.3:a:mieweb:enterprise_health:rc202503