59025 matches found

CVE
added 2026/01/20 3:14 p.m. | 20 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) is affected by a cross-site scripting flaw in the Web UI that allows an unauthenticated attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected produc...

CVSS 6.1 | AI score 5.1 | EPSS 0.00172
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2026/01/20 2:50 p.m. | 3 views

CVE-2025-54817

A reflected cross-site scripting (XSS) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...

CVSS 6.1 | AI score 5.7 | EPSS 0.00235
Exploits 1 | References 1

ATTACKERKB
added 2026/01/20 2:50 p.m. | 2 views

CVE-2025-54817

A reflected cross-site scripting (XSS) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...

CVSS 6.1 | AI score 5.5 | EPSS 0.00235
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/01/20 2:50 p.m. | 13 views

CVE-2025-54817

A reflected cross-site scripting (XSS) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00235
Exploits 1 | References 1

CVE
added 2026/01/20 2:50 p.m. | 11 views

CVE-2025-53516

Cisco Talos discloses a pre-auth, reflected XSS in MedDream PACS Premium 7.3.6.870 via the downloadZip.php script, triggered by a crafted URL parameter (seq). Successful exploitation could lead to arbitrary JavaScript execution in the context of the user’s browser. Affected component: Pacs/downlo...

CVSS 6.1 | AI score 5.6 | EPSS 0.00317
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/01/20 2:50 p.m. | 13 views

CVE-2025-53516

A reflected cross-site scripting (XSS) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00317
Exploits 1 | References 1

ATTACKERKB
added 2026/01/20 2:50 p.m. | 3 views

CVE-2025-53516

A reflected cross-site scripting (XSS) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.5 | EPSS 0.00317
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/01/20 2:50 p.m. | 2 views

CVE-2025-54495

A reflected cross-site scripting (XSS) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1

CVE
added 2026/01/20 2:50 p.m. | 23 views

CVE-2025-54495

CVE-2025-54495 is a reflected XSS vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the emailfailedjob.php flow. Cisco Talos identifies a post-authenticated flaw where the value of the jobid parameter is written into HTML output without sanitization, enabling arbitrary JavaScript ...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/01/20 2:50 p.m. | 2 views

CVE-2025-54157

A reflected cross-site scripting (XSS) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1

Cvelist
added 2026/01/20 2:50 p.m. | 17 views

CVE-2025-54157

A reflected cross-site scripting (XSS) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00286
Exploits 1 | References 1

CVE
added 2026/01/20 2:50 p.m. | 15 views

CVE-2025-54157

Summary (CVE-2025-54157): Cisco Talos reports a post-authentication, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870, specifically in the encapsulatedDoc.php path. A crafted URL can cause arbitrary JavaScript execution, potentially affecting users who can access th...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/01/20 2:50 p.m. | 4 views

CVE-2025-54778

A reflected cross-site scripting (XSS) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.5 | EPSS 0.00235
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2026/01/20 2:50 p.m. | 12 views

CVE-2025-54778

A reflected cross-site scripting (XSS) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00235
Exploits 1 | References 1

CVE
added 2026/01/20 2:50 p.m. | 10 views

CVE-2025-54778

Talos discloses a post-authenticated, reflected cross-site scripting vulnerability in MedDream PACS Premium 7.3.6.870’s Pacs/existingUser.php. The attacker can craft a URL that injects JavaScript (via the external parameter) and triggers arbitrary code execution in the context of the user’s brows...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits 1 | References 2 | Affected Software 1

Vulnrichment
added 2026/01/20 2:50 p.m. | 2 views

CVE-2025-46270

A reflected cross-site scripting (XSS) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 1

Cvelist
added 2026/01/20 2:50 p.m. | 12 views

CVE-2025-46270

A reflected cross-site scripting (XSS) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00286
Exploits 1 | References 1

CVE
added 2026/01/20 2:50 p.m. | 11 views

CVE-2025-46270

Talos reports MedDream PACS Premium 7.3.6.870 contains a post-authenticated reflected XSS in Pacs/fetchPriorStudies.php, triggered by a crafted uid URL parameter. The vulnerability can cause arbitrary JavaScript execution in the attacker’s browser when the vulnerable page outputs unsanitized uid ...

CVSS 6.1 | AI score 5.6 | EPSS 0.00286
Exploits 1 | References 2 | Affected Software 1

CVE
added 2026/01/20 2:50 p.m. | 10 views

CVE-2025-55071

CVE-2025-55071 corresponds to a pre-authenticated reflected XSS in MedDream PACS Premium 7.3.6.870, specifically in Pacs/modifyAnonymize.php. The vuln is triggered via the name parameter, which is written into HTML output without sanitization, enabling arbitrary JavaScript execution when a crafte...

CVSS 6.1 | AI score 5.6 | EPSS 0.0026
Exploits 1 | References 2 | Affected Software 1

ATTACKERKB
added 2026/01/20 2:50 p.m. | 2 views

CVE-2025-55071

A reflected cross-site scripting (XSS) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.5 | EPSS 0.0026
Exploits 1 | References 2 | Affected Software 1