Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in MedDream PACS Premium version 7.3.6.870, specifically within the modifyHL7App functionality. This vulnerability allows for the execution of arbitrary JavaScript code via a specially crafted URL. The issue arises because the 'name' parameter in the 'Pacs/modifyHL7App.php' script is not properly sanitized before being outputted in the HTML, enabling attackers to inject malicious scripts that are executed in the context of the user's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's session.

Reproduction

To reproduce this vulnerability, send a GET request to 'Pacs/modifyHL7App.php' with a crafted 'name' parameter that includes injected JavaScript, such as a script tag. The response will include the injected script executed as part of the HTML.

Remediation

Users are advised to update to the patched version released by the vendor on December 5, 2025.

Added: Jan 20, 2026, 4:14 PM
Updated: Jan 20, 2026, 6:37 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.4
remediation
7.7
relevance
2.2
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.