cvedb.io
CVE-2025-30036
UNKNOWN · CVSS n/a
EPSS exploitation probability: 0%
Published 2025-08-27T11:15:32.353 · Last modified 2026-06-17T09:08:04.720

Summary

Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.