Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in MedDream PACS Premium version 7.3.6.870, specifically within the modifyUser functionality. This vulnerability allows for the execution of arbitrary JavaScript code via a specially crafted URL. The issue arises because the 'user' parameter in the 'Pacs/modifyUser.php' script is not properly sanitized before being outputted in the HTML, enabling attackers to inject malicious scripts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to 'Pacs/modifyUser.php' with a crafted 'user' parameter that includes JavaScript code, such as a script tag containing JavaScript. The injected script will be executed when the response is rendered in a web browser.

Remediation

Users are advised to update to the patched version released by the vendor on December 5, 2025.

Added: Jan 20, 2026, 4:30 PM
Updated: Jan 20, 2026, 6:44 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.2
remediation
7.7
relevance
2.2
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.