CVE-2025-53854

A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-36556

A reflected cross-site scripting xss vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-58087

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

CVE-2025-53912

MedDream PACS Premium 7.3.6.870 is affected by CVE-2025-53912. Cisco Talos details a post-auth arbitrary file read in the encapsulatedDoc functionality, reachable via a specially crafted HTTP request to Pacs/encapsulatedDoc.php where the attacker controls the path parameter (no sanitization). The...

PT-2026-3611

Multiple reflected cross-site scripting xss vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This...

MedDream PACS Premium 安全漏洞

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. A security bypass vulnerability exists in MedDream PACS Premium that stems from improper default permissions in the CServerSettings::SetRegistryValues function, which can be exploited by an...

CVE-2023-39227

​Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials...

Softneta MedDream PACS Security Breach

Softneta MedDream PACS is a server from Softneta Inc. for storing, archiving, managing, and viewing medical images. A security vulnerability exists in Softneta MedDream PACS v7.2.8.810 and prior versions that stems from a lack of authentication checks. An unauthenticated attacker could exploit th...