Stored Cross-Site Scripting Vulnerability in Sante PACS Server by Sante
CVE-2025-54862
4.8 MEDIUM
What is CVE-2025-54862?
The Sante PACS Server web portal is vulnerable to stored cross-site scripting (XSS). By injecting malicious HTML code, an attacker can redirect users to harmful websites and potentially steal cookies, compromising sensitive user information. This type of vulnerability underscores the need for secure coding practices and regular updates to guard against exploitation attempts.
Affected Version(s)
Sante PACS Server: versions from 0 up to (but not including) 4.2.3
CVSS V4
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Chizuru Toyama of TXOne Networks reported these vulnerabilities to CISA.