CVE-2025-30036

HIGH

CGM CLININET < 2024.MS4 - Stored Cross-Site Scripting in Ward Module Death Diagnosis Field

Title source: llm

Description

A stored XSS vulnerability exists in the death diagnosis description field of the "Oddział" (Ward) module and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

Scores

CVSS v4 8.8
EPSS 0.0015
EPSS Percentile 4.2%
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
CGM/CGM CLININET < 2024.MS4
Published Aug 27, 2025
Tracked Since Feb 18, 2026