3218 matches found
CVE-2025-54157
Summary (CVE-2025-54157): Cisco Talos reports a post-authentication, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the encapsulatedDoc.php path. A crafted URL can cause arbitrary JavaScript execution, potentially affecting users who can access th...
CVE-2025-54157
A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-46270
Talos reports MedDream PACS Premium 7.3.6.870 contains a post-authenticated reflected XSS in Pacs/fetchPriorStudies.php, triggered by a crafted uid URL parameter. The vulnerability can cause arbitrary JavaScript execution in the attacker’s browser when the vulnerable page outputs unsanitized uid ...
CVE-2025-46270
A reflected cross-site scripting xss vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-55071
A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54852
CVE-2025-54852 is a pre-authenticated, reflected cross-site scripting (XSS) vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the modifyAeTitle.php script. A crafted URL with an unsanitized title parameter can cause arbitrary JavaScript execution in the web output. Talos confirms ...
CVE-2025-54852
A reflected cross-site scripting xss vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54814
MedDream PACS Premium 7.3.6.870 contains a post-auth reflected XSS in Pacs/modifyAutopurgeFilter.php via the key URL parameter. A crafted URL can cause arbitrary JavaScript execution in the affected web output. Talos reports the vulnerability as TALOS-2025-2261 (CVE-2025-54814) with CVSSv3.1 6.1 ...
CVE-2025-54861
A reflected cross-site scripting xss vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54861
A reflected cross-site scripting xss vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54861
A reflected cross-site scripting xss vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54861
MedDream PACS Premium 7.3.6.870 is affected by a post-authenticated, reflected cross-site scripting vulnerability in the function delivered by the web script Pacs/modifyCoercion.php . The flaw stems from writing the attacker-controlled parameter title into HTML output without sanitization, allowi...
CVE-2025-58080
Summary: The CVE-2025-58080 vulnerability affects MedDream PACS Premium 7.3.6.870 and is a post-auth, reflected cross-site scripting (XSS) in the modifyHL7App.php path. The issue arises because the attacker-controlled value of the name parameter is written into HTML output without sanitization, e...
CVE-2025-53707
A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-57786
A reflected cross-site scripting xss vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-44000
A reflected cross-site scripting xss vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-58089
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-58094
Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...
CVE-2025-36556
A reflected cross-site scripting xss vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
MedDream PACS Premium security vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability. This vulnerability stems from a reflection-type cross-site scripting vulnerability in the...