CVE-2025-54157

Summary (CVE-2025-54157): Cisco Talos reports a post-authentication, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the encapsulatedDoc.php path. A crafted URL can cause arbitrary JavaScript execution, potentially affecting users who can access th...

PT-2026-3597

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870 Description An arbitrary file read issue exists in the encapsulatedDoc functionality. A specially crafted HTTP request can lead to unauthorized file access. An attacker can send an HTTP request to the...