Enterprise Health
Monthly
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a stored cross site scripting vulnerability that allows an authenticated attacker to add arbitrary content in the 'Demographic Information' page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a reflected cross site scripting vulnerability in the 'portlet_user_id' URL parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a CSV injection vulnerability that allows a remote, authenticated attacker to inject macros in downloadable CSV files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health allows authenticated users to upload arbitrary files. Rated medium severity (CVSS 6.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health includes the user's current session token in debug output. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Medical Informatics Engineering Enterprise Health has a cross site request forgery vulnerability that allows an unauthenticated attacker to trick administrative users into clicking a crafted URL and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.