PT-2026-3612 · Unknown · Meddream Pacs Premium

Marcin Icewall

Publicado

2026-01-20

Atualizado

2026-01-21

CVE-2025-58088

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870

Description The software contains multiple reflected cross-site scripting (xss) issues within the config.php functionality. A crafted URL can trigger these issues, potentially leading to arbitrary javascript code execution. The archivedir parameter is specifically identified as a point of exploitation. An attacker can provide a malicious URL to trigger these vulnerabilities.

Recommendations Apply updates to address the identified issues in the config.php functionality.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2025-58088

Produtos afetados

Meddream Pacs Premium

PT-2026-3612 · Unknown · Meddream Pacs Premium

CVE-2025-58088

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5