MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in MedDream PACS Premium version 7.3.6.870. The issue arises in the config.php file, where several parameters are vulnerable to XSS attacks. Specifically, the archivedir, longtermdir, uploaddir, thumbnaildir, phpexe, phpdir, worklistsrc, and imagedir parameters can be exploited by injecting malicious JavaScript into the URL or POST request. This unvalidated input is then executed as arbitrary JavaScript, potentially leading to harmful consequences.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the config.php file with one of the vulnerable parameters (archivedir, longtermdir, uploaddir, thumbnaildir, phpexe, phpdir, worklistsrc, or imagedir) included. The parameter value should be a crafted URL that includes JavaScript code, such as a script tag with an alert function. If the injected script is executed in the response, the vulnerability is present.

Remediation

Users are advised to update to the patched version released by the vendor.