MedDream PACS Premium vulnerabilities
33 known vulnerabilities affecting meddream/meddream_pacs_premium.
Total CVEs: 33
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 2, MEDIUM 29
Vulnerabilities
Page 1 of 2
CVE-2025-26469 | P2 | CRITICAL | CVSS 9.8 | CWE-732 | v7.3.3.840 | 2025-07-28
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840.
A specially crafted application can decrypt credentials stored in a configuration-related registry key.
An attacker can execute a malicious script or application to exploit this vulnerability.
nvd
CVE-2025-24485 | P3 | HIGH | CVSS 7.5 | CWE-918 | v7.3.5.860 | 2025-07-28
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
nvd
CVE-2025-27724 | P3 | CRITICAL | CVSS 9.8 | CWE-284 | v7.3.3.840 | 2025-07-28
A privilege escalation vulnerability exists in the login.php functionality of MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability.
nvd
CVE-2025-53912 | P3 | HIGH | CVSS 8.1 | CWE-73 | v7.3.6.870 | 2026-01-20
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2025-53516 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-44000 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-53707 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-32731 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.5.860 | 2025-07-28
A reflected cross-site scripting (XSS) vulnerability exists in the radiationDoseReport.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-55071 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-57787 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54852 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-58095 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the imagedir parameter.
nvd
CVE-2025-58089 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the longtermdir parameter.
nvd
CVE-2025-58094 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the worklistsrc parameter.
nvd
CVE-2025-58090 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the uploaddir parameter.
nvd
CVE-2025-58092 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the phpexe parameter.
nvd
CVE-2025-58093 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the phpdir parameter.
nvd
CVE-2025-58091 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the thumbnaildir parameter.
nvd
CVE-2025-58088 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v7.3.6.870 | 2026-01-20
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities. This vulnerability affects the archivedir parameter.
nvd
CVE-2025-36556 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v7.3.6.870 | 2026-01-20
A reflected cross-site scripting (XSS) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd