Reflected Cross-Site Scripting Vulnerability in MedDream PACS Premium Software
CVE-2025-58093
6.1MEDIUM
What is CVE-2025-58093?
Multiple reflected cross-site scripting vulnerabilities have been identified in the config.php functionality of MedDream PACS Premium version 7.3.6.870. These vulnerabilities allow attackers to craft malicious URLs that can execute arbitrary JavaScript code. By exploiting the phpdir parameter, an attacker can trigger these vulnerabilities, potentially leading to unauthorized actions or information disclosure.
Affected Version(s)
MedDream PACS Premium 7.3.6.870
References
CVSS V3.1
Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Discovered by Marcin 'Icewall' Noga of Cisco Talos.