Описание
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
Ссылки
- Third Party Advisory
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:mieweb:enterprise_health:rc202309:*:*:*:*:*:*:*
cpe:2.3:a:mieweb:enterprise_health:rc202403:*:*:*:*:*:*:*
cpe:2.3:a:mieweb:enterprise_health:rc202409:*:*:*:*:*:*:*
cpe:2.3:a:mieweb:enterprise_health:rc202503:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00099
Низкий
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.3
github
4 месяца назад
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. A remote, unauthenticated attacker can craft a URL that can execute arbitrary JavaScript in the victim's browser. This issue is fixed as of 2025-03-14.
EPSS
Процентиль: 27%
0.00099
Низкий
4.3 Medium
CVSS3
6.1 Medium
CVSS3
Дефекты
CWE-79