CVE-2025-58095
Published 2026-01-20
Priority: P4 28 | medium | 6.1 | CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.24% (15.0th percentile)
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the imagedir parameter.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| meddream | meddream_pacs_premium | — | — |
| meddream | pacs_server | — | — |
| msrc | azl3_kernel_6.6.92.2-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvd | v3.1 | 6.1 MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_msrc | 6.6 MEDIUM
GHSA
GHSA-p2x3-fg55-f87f: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config
ghsa_unreviewed·2026-01-20
CVE-2025-58095 [MEDIUM] CWE-79 GHSA-p2x3-fg55-f87f: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the imagedir parameter.
Microsoft
jfs: add check read-only before txBeginAnon() call
vendor_msrc·2025-04-08·CVSS 6.6
CVE-2024-58095 [MEDIUM] jfs: add check read-only before txBeginAnon() call
jfs: add check read-only before txBeginAnon() call
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
No detection rules found.
No public exploits indexed.
Talos
Foxit, Epic Games Store, MedDreams vulnerabilities
blogs_talos·2026-01-22·CVSS 8.8
[HIGH] Foxit, Epic Games Store, MedDreams vulnerabilities
## Foxit, Epic Games Store, MedDreams vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in Foxit PDF Editor, one in the Epic Games Store, and twenty-one in MedDream PACS.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.
## Foxit privilege escalation and use-after-free vulnerabilities
Discovered by KPC of Cisco Talos.
Foxit PDF Editor is a popular PDF handling platform for editing, e-signing, and collaborating on PDF documents. Talos found three vulner
Published: 2026-01-20