Meddream Pacs Server vulnerabilities
38 known vulnerabilities affecting meddream/pacs_server.
Total CVEs
38
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH5MEDIUM30
Vulnerabilities
Page 2 of 2
CVE-2025-58092P4MEDIUMCVSS 6.1v7.3.6.8702026-01-20
CVE-2025-58092 [MEDIUM] CWE-79 CVE-2025-58092: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the phpexe parameter.
nvd
CVE-2025-58093P4MEDIUMCVSS 6.1v7.3.6.8702026-01-20
CVE-2025-58093 [MEDIUM] CWE-79 CVE-2025-58093: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the phpdir parameter.
nvd
CVE-2025-58091P4MEDIUMCVSS 6.1v7.3.6.8702026-01-20
CVE-2025-58091 [MEDIUM] CWE-79 CVE-2025-58091: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the thumbnaildir parameter.
nvd
CVE-2025-58088P4MEDIUMCVSS 6.1v7.3.6.8702026-01-20
CVE-2025-58088 [MEDIUM] CWE-79 CVE-2025-58088: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter.
nvd
CVE-2025-36556P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-36556 [MEDIUM] CWE-79 CVE-2025-36556: A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDrea
A reflected cross-site scripting (xss) vulnerability exists in the ldapUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54157P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54157 [MEDIUM] CWE-79 CVE-2025-54157: A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-53854P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-53854 [MEDIUM] CWE-79 CVE-2025-53854: A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of M
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-46270P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-46270 [MEDIUM] CWE-79 CVE-2025-46270: A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality o
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54495P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54495 [MEDIUM] CWE-79 CVE-2025-54495: A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of M
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-58087P4MEDIUMCVSS 6.1v7.3.6.8702026-01-20
CVE-2025-58087 [MEDIUM] CWE-79 CVE-2025-58087: Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the status parameter.
nvd
CVE-2025-58080P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-58080 [MEDIUM] CWE-79 CVE-2025-58080: A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of Med
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54853P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54853 [MEDIUM] CWE-79 CVE-2025-54853: A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDr
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-57786P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-57786 [MEDIUM] CWE-79 CVE-2025-57786: A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of M
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54861P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54861 [MEDIUM] CWE-79 CVE-2025-54861: A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of M
A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54778P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54778 [MEDIUM] CWE-79 CVE-2025-54778: A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of Med
A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-57881P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-57881 [MEDIUM] CWE-79 CVE-2025-57881: A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedD
A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54814P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54814 [MEDIUM] CWE-79 CVE-2025-54814: A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionali
A reflected cross-site scripting (xss) vulnerability exists in the modifyAutopurgeFilter functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
nvd
CVE-2025-54817P4MEDIUMCVSS 5.4v7.3.6.8702026-01-20
CVE-2025-54817 [MEDIUM] CWE-79 CVE-2025-54817: A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDre
A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.
nvd
← Previous2 / 2