PT-2026-3619 · Unknown · Meddream Pacs Premium
Marcin Icewall
·
Published
2026-01-20
·
Updated
2026-01-20
·
CVE-2025-58095
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
MedDream PACS Premium version 7.3.6.870
Description
The software contains multiple reflected cross-site scripting (xss) issues within the config.php functionality. A crafted URL can trigger these issues, potentially leading to arbitrary javascript code execution. The
imagedir parameter is specifically identified as a point of exploitation.Recommendations
Apply updates to address the identified issues in the config.php functionality.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Meddream Pacs Premium