Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability in config.php

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the config.php file of MedDream PACS Premium version 7.3.6.870. This vulnerability allows attackers to execute arbitrary JavaScript by sending specially crafted URLs that exploit the unvalidated status parameter. The issue arises because the application fails to properly sanitize user input before displaying it on the web page.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a GET request to the Pacs/config.php endpoint with a crafted status parameter that includes unsanitized JavaScript, such as a script tag with JavaScript code, such as an alert. The injected script will be executed in the context of the user's browser.

Remediation

Users are advised to update to the patched version released by the vendor.

Added: Jan 20, 2026, 4:14 PM
Updated: Jan 20, 2026, 4:14 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.6
remediation
0.0
relevance
2.1
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.