Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in MedDream PACS Premium version 7.3.6.870, specifically within the modifyEmail functionality. This vulnerability allows an attacker to execute arbitrary JavaScript code by sending a crafted URL. The issue arises because the 'server' parameter in the Pacs/modifyEmail.php script is not properly sanitized before being outputted as HTML, enabling the injection of malicious scripts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to the Pacs/modifyEmail.php endpoint with a crafted 'server' parameter that includes injected HTML or JavaScript. The response will reflect the injected script, demonstrating the cross-site scripting vulnerability.

Remediation

Users are advised to update to the patched version released by the vendor on December 5, 2025.

Added: Jan 20, 2026, 4:16 PM
Updated: Jan 20, 2026, 6:37 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
6.8
remediation
7.7
relevance
2.2
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.