216.73.216.133

CVE-2025-30036

· Published 27/08/2025 11:15 · Modified 27/08/2025 11:15

Labels: CVE-2025-30036 2025-08-27CVE-2025-30036CWE-79[email protected]

Essential information

Published
27/08/2025 11:15
Modified
27/08/2025 11:15
Author
Creator
CVSS
8.8 HIGH (v3) 8.8 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
* / oddzial cpe:2.3:a:*:oddzial:*:*:*:*:*:*:*:*

References