CVE-2025-30036

Name of the Vulnerable Software and Affected Versions: Oddział module (affected versions not specified)

Description: A stored cross-site scripting (XSS) issue exists in the “Oddział” (Ward) module, specifically within the death diagnosis description field. Successful exploitation allows attackers to execute arbitrary JavaScript code. This could lead to session hijacking of other users and potential privilege escalation, possibly up to full administrative rights.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.