Reflected Cross-Site Scripting Vulnerability in Medical Informatics Engineering Product
CVE-2025-35034

5.1 MEDIUM

What is CVE-2025-35034?

The Enterprise Health product by Medical Informatics Engineering is susceptible to a reflected cross-site scripting (XSS) vulnerability. This arises from improper handling of the 'portlet_user_id' URL parameter, allowing an unauthenticated remote attacker to manipulate the URL to execute JavaScript code in the browser of a victim. Attackers can exploit this security flaw, potentially leading to unauthorized actions or data exposure. The issue was addressed in an update released on March 14, 2025.

Affected Version(s)

Enterprise Health RC202503

Enterprise Health RC202409

Enterprise Health RC202403

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

George Thompson, Sandia National Laboratories
Trevor LaPay, Sandia National Laboratories
Fernando Martinez, Sandia National Laboratories
Gary Huang, Sandia National Laboratories