CVE-2025-32731
published 2025-07-28CVE-2025-32731: A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A…
PriorityP428medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.71%
48.9th percentile
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meddream | meddream_pacs_premium | — | — |
| meddream | pacs_server | — | — |
| msrc | azl3_grpc_1.42.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_msrc7.4HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mj58-grhx-fvmf: A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport
ghsa_unreviewed·2025-07-28
CVE-2025-32731 [MEDIUM] CWE-79 GHSA-mj58-grhx-fvmf: A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
Microsoft
Information leak in gRPC
vendor_msrc·2023-06-13·CVSS 7.4
CVE-2023-32731 [HIGH] CWE-440 Information leak in gRPC
Information leak in gRPC
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Google: Google
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/az
Suricata
ET MALWARE MedDream PACS Premium radiationDoseReport.php Reflected Cross-Site Scripting (CVE-2025-32731)
suricata·2026-01-02·CVSS 6.1
CVE-2025-32731 [MEDIUM] ET MALWARE MedDream PACS Premium radiationDoseReport.php Reflected Cross-Site Scripting (CVE-2025-32731)
ET MALWARE MedDream PACS Premium radiationDoseReport.php Reflected Cross-Site Scripting (CVE-2025-32731)
Rule: alert http any any -> any any (msg:"ET MALWARE MedDream PACS Premium radiationDoseReport.php Reflected Cross-Site Scripting (CVE-2025-32731)"; flow:established,to_server; http.method; content:"GET"; content:"/Pacs/radiationDoseReport.php"; http.uri; fast_pattern; pcre:"/]{0,64}(?:img|svg|script|body|iframe|input|button|marquee|video|audio|object|embed)[^>]{0,64}(?:onerror|onload|onclick|onmouseover|onfocus|onblur|onchange|onsubmit|onkeydown|onkeyup|onkeypress)/Ui"; reference:url,talosintelligence.com/vulnerability_reports/talos-2025-2176; reference:cve,2025-32731; classtype:web-application-attack; sid:2066553; rev:1; metadata:attack_target Server, tls_state TLSDecrypt, created_at
No public exploits indexed.
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
## WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy .
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org , and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website .
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetizat
Talos
WWBN, MedDream, Eclipse vulnerabilities
blogs_talos·2025-08-06·CVSS 8.8
[HIGH] WWBN, MedDream, Eclipse vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## WWBN XSS, race condition, incomplete blacklist vulnerabilities
Discovered by Claudio Bozzato of Cisco Talos.
WWBN AVideo is a video streaming platform with hosting, management, and video monetization features.
Talos found five cross-site scri
2025-07-28
Published