PT-2026-3615 · Unknown · Meddream Pacs Premium
Marcin Icewall
·
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2025-58091
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MedDream PACS Premium version 7.3.6.870
Description
The software contains multiple reflected cross-site scripting (XSS) issues within the
config.php functionality. A malicious URL crafted by an attacker can lead to arbitrary JavaScript code execution. The thumbnaildir parameter is specifically identified as a point of exploitation. An attacker can provide a crafted URL to trigger these issues.Recommendations
Apply updates to address the identified vulnerabilities in version 7.3.6.870.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Meddream Pacs Premium