PT-2026-3613 · Unknown · Meddream Pacs Premium
Marcin Icewall
·
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2025-58089
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MedDream PACS Premium version 7.3.6.870
Description
The software contains multiple reflected cross-site scripting (xss) issues within the
config.php functionality. An attacker can exploit these issues by providing a crafted URL, potentially leading to arbitrary javascript code execution. The longtermdir parameter is specifically identified as a point of exploitation.Recommendations
Apply updates to address the identified issues in the
config.php functionality.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Meddream Pacs Premium