CVE-2025-35029 LOW

CVE-2025-35029: Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page

Vendor Medical Informatics Engineering
Product Enterprise Health
Weakness CWE-79 · XSS
Published November 20, 2025
Last update December 2, 2025
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. This content will be rendered and executed when a victim accesses it. This issue is fixed as of 2025-03-14.

Key dates

02Disclosure timeline

November 20, 2025 CVE published
December 2, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-49259 WordPress Primary Addon for Elementor plugin <= 1.5.8 - Cross Site Scripting (XSS) vulnerability CVE-2024-47365 WordPress Automatically Hierarchic Categories in Menu plugin <= 2.0.5 - Cross Site Scripting (XSS) vulnerability CVE-2018-0091 CVE-2023-1354 SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System register.php cross site scripting CVE-2024-51712 WordPress Jigoshop plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability