Pacs Premium CVEs and Security Vulnerabilities

Filtered by vendor Meddream Subscriptions

Filtered by product Pacs Premium Subscriptions

Search

Switch to Advanced Search (Beta)

Total 33 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-58093	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the phpdir parameter.
CVE-2025-58094	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the worklistsrc parameter.
CVE-2025-58091	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the thumbnaildir parameter.
CVE-2025-57786	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-53707	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-58090	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the uploaddir parameter.
CVE-2025-54853	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-53912	1 Meddream	1 Pacs Premium	2026-01-21	9.6 Critical
An arbitrary file read vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted HTTP request can lead to an arbitrary file read. An attacker can send http request to trigger this vulnerability.
CVE-2025-57787	1 Meddream	1 Pacs Premium	2026-01-21	6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-32731	1 Meddream	2 Pacs Premium, Pacs Server	2025-11-03	6.1 Medium
A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2025-27724	1 Meddream	2 Pacs Premium, Pacs Server	2025-11-03	9.3 Critical
A privilege escalation vulnerability exists in the login.php functionality of meddream MedDream PACS Premium 7.3.3.840. A specially crafted .php file can lead to elevated capabilities. An attacker can upload a malicious file to trigger this vulnerability.
CVE-2025-26469	1 Meddream	2 Pacs Premium, Pacs Server	2025-11-03	9.3 Critical
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.
CVE-2025-24485	1 Meddream	2 Pacs Premium, Pacs Server	2025-11-03	5.8 Medium
A server-side request forgery vulnerability exists in the cecho.php functionality of MedDream PACS Premium 7.3.5.860. A specially crafted HTTP request can lead to SSRF. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.

« first previous Page 2 of 2.