Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the config.php functionality of MedDream PACS Premium version 7.3.6.870. This vulnerability allows for the execution of arbitrary JavaScript code through specially crafted URLs. The issue arises in the thumbnaildir parameter, which is not properly sanitized before being outputted to the user.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the config.php script with the thumbnaildir parameter set to a crafted value, such as a script tag containing JavaScript code. If the specified directory does not exist, the injected script will be executed when the response is rendered in the browser.

Remediation

Users are advised to update to the patched version released by the vendor.

Added: Jan 20, 2026, 4:07 PM
Updated: Jan 20, 2026, 4:07 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.2
remediation
0.0
relevance
2.2
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.