CVE-2025-30036

Vulnerability Description

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

Related Weaknesses (CWE)

CWE-79

References

https://cert.pl/en/posts/2025/08/CVE-2025-2313/

FAQ

What is CVE-2025-30036?

CVE-2025-30036 is a documented vulnerability. Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of o...

How severe is CVE-2025-30036?

CVSS scoring is not yet available for CVE-2025-30036. Check NVD for updates.

Is there a patch for CVE-2025-30036?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.