MedDream PACS Premium
Moderate fix1 remedy
cpe:2.3:a:softneta:meddream_pacs:*:*:*:*:*:*:*
Moderate fix1 remedy
- 7.3.6.870
MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in MedDream PACS Premium version 7.3.6.870, specifically within the notifynewstudy feature. This vulnerability allows an attacker to execute arbitrary JavaScript by sending a crafted URL. The issue arises because the application fails to properly sanitize the 'user' parameter in the notifynewstudy.php script, allowing injected scripts to be executed in the user's browser.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's session.
Reproduction
To reproduce this vulnerability, send a GET request to the 'Pacs/notifynewstudy.php' endpoint with a 'user' parameter containing injected JavaScript, such as a script tag including JavaScript code, and a 'uid' parameter. The response will echo the injected script, executing it in the browser.
Remediation
Users are advised to update to the patched version released by the vendor on December 5, 2025.
Added: Jan 20, 2026, 4:22 PM
Updated: Jan 20, 2026, 6:41 PM
Vulnerability Rating
Custom Algorithm
spread
0.3impact
1.7exploitability
6.2remediation
7.7relevance
2.3threat
6.4urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.