CVE-2025-58094

Name of the Vulnerable Software and Affected Versions MedDream PACS Premium version 7.3.6.870

Description The software contains multiple reflected cross-site scripting (xss) issues within the config.php functionality. A malicious URL, crafted to exploit these issues, can lead to arbitrary javascript code execution. The worklistsrc parameter is specifically identified as a point of exploitation. An attacker can provide a crafted URL to trigger these issues.

Recommendations Apply updates to address the identified issues in the config.php functionality. As a temporary workaround, sanitize or encode the worklistsrc parameter to prevent the execution of arbitrary javascript code.