Search
Search Results (33 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54778 | 1 Meddream | 1 Pacs Premium | 2026-01-22 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54157 | 1 Meddream | 1 Pacs Premium | 2026-01-22 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54495 | 1 Meddream | 1 Pacs Premium | 2026-01-22 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-53516 | 1 Meddream | 1 Pacs Premium | 2026-01-22 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-54817 | 1 Meddream | 1 Pacs Premium | 2026-01-22 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability. | ||||
| CVE-2025-58087 | 1 Meddream | 1 Pacs Premium | 2026-01-21 | 6.1 Medium |
| Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the status parameter. | ||||
| CVE-2025-36556 | 1 Meddream | 1 Pacs Premium | 2026-01-21 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-58088 | 1 Meddream | 1 Pacs Premium | 2026-01-21 | 6.1 Medium |
| Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter. | ||||
| CVE-2025-53912 | 1 Meddream | 1 Pacs Premium | 2026-01-21 | 9.6 Critical |
| An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability. | ||||
| CVE-2025-32731 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2025-11-04 | 6.1 Medium |
| A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2025-27724 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2025-11-04 | 9.3 Critical |
| A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability. | ||||
| CVE-2025-26469 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2025-11-04 | 9.3 Critical |
| An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability. | ||||
| CVE-2025-24485 | 1 Meddream | 2 Pacs Premium, Pacs Server | 2025-11-04 | 5.8 Medium |
| A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||