Philips Vue PACS Improper Input Validation Vulnerability Allowing Cross-Site Scripting

Vulnerability

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, as well as in Vue MyVue, Vue Speech, and Vue Motion (through 12.2.1.5). The issue stems from improper input validation: user-controllable input is not adequately neutralized before it is placed in output served as a web page, which can lead to cross-site scripting attacks. Additionally, the software fails to properly validate structured messages or data before processing them, creating further security risks.

Impact

Exploitation of this vulnerability could allow for cross-site scripting, where an attacker could inject malicious scripts that are executed in the context of the user's browser.

Remediation

Philips released version 12.2.8.100 for PACS in Q1 2022, which addresses this vulnerability. For specific installation details and eligibility, contact a Philips Sales representative or submit a quote request through the eService portal.

Added: May 15, 2026, 8:46 AM
Updated: May 15, 2026, 8:46 AM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 1.7
exploitability: 6.0
remediation: 8.3
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.