CVE-2025-30036
HIGHCGM CLININET < 2024.MS4 - Stored Cross-Site Scripting in Ward Module Death Diagnosis Field
Title source: llmDescription
Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.
References (1)
Core 1
Core References
Various Sources
https://cert.pl/en/posts/2025/08/CVE-2025-2313/
Scores
CVSS v4
8.8
EPSS
0.0015
EPSS Percentile
4.2%
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (1)
CGM/CGM CLININET
< 2024.MS4
Published
Aug 27, 2025
Tracked Since
Feb 18, 2026