4 matches found
MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)
MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...
CVE-2025-54817
A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...
CVE-2025-54817
CVE-2025-54817 — MedDream PACS Premium 7.3.6.870 is affected by a reflected XSS vulnerability in the autoPurge functionality. TALOS details a post-authentication vulnerability in Pacs/autoPurge.php where the value of the purgeby parameter is written to HTML output without sanitization, enabling a...
PT-2026-3602
A reflected cross-site scripting xss vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...