20 matches found
CVE-2025-36556
A reflected cross-site scripting xss vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54157
A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54778
A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54852
CVE-2025-54852 is a pre-authenticated, reflected cross-site scripting (XSS) vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the modifyAeTitle.php script. A crafted URL with an unsanitized title parameter can cause arbitrary JavaScript execution in the web output. Talos confirms ...
CVE-2025-54814
A reflected cross-site scripting xss vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-53854
A reflected cross-site scripting xss vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-57787
MedDream PACS Premium 7.3.6.870 contains a pre-authenticated, reflected cross-site scripting (XSS) vulnerability in Pacs/modifyRoute.php. The vulnerability is caused by the un-sanitized value of the source parameter being written into HTML output, enabling an attacker to craft a URL that triggers...
CVE-2025-53707
A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
CVE-2025-54853
Talos reports a post-auth reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870, func tion modifyUser.php, where the user parameter is echoed into HTML without sanitization. A crafted URL can trigger arbitrary JavaScript execution in the MedDream PACS web interface. Aff...
CVE-2025-57786
CVE-2025-57786 is a post-authenticated, reflected XSS in MedDream PACS Premium 7.3.6.870, specifically in the Pacs/notifynewstudy.php script where the value of the user parameter is written into HTML output without sanitization. Talos details confirm the vulnerability can trigger arbitrary JavaSc...
MedDream PACS Premium modifyAnonymize reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2259 MedDream PACS Premium modifyAnonymize reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-55071 SUMMARY A reflected cross-site scripting xss vulnerability exists in the modifyAnonymize functionality of MedDream PACS...
MedDream PACS Premium encapsulatedDoc reflected cross-site scripting (XSS) vulnerability
Talos Vulnerability Report TALOS-2025-2256 MedDream PACS Premium encapsulatedDoc reflected cross-site scripting XSS vulnerability January 20, 2026 CVE Number CVE-2025-54157 SUMMARY A reflected cross-site scripting xss vulnerability exists in the encapsulatedDoc functionality of MedDream PACS...
PT-2026-3610
A reflected cross-site scripting xss vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
MedDream PACS Premium security vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability, which stems from a reflection-type cross-site scripting vulnerability in the modifyHL7App functio...
PT-2026-3595
A reflected cross-site scripting xss vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...
MedDream PACS Premium security vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability, which stems from a reflection-type cross-site scripting vulnerability in the modifyEmail function...
MedDream PACS Premium security vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a security vulnerability caused by a reflective cross-site scripting vulnerability in the ldapUser function, which may allo...
PT-2026-3602
A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...
MedDream PACS Premium Cross-site Scripting Vulnerability
MedDream PACS Premium is an enterprise-level image storage and management server suite developed by MedDream Corporation. Version 7.3.6.870 of MedDream PACS Premium contains a cross-site scripting vulnerability. This vulnerability stems from the longtermdir parameter in the config.php function,...
PT-2026-3594
A reflected cross-site scripting xss vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...