Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability in config.php

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the config.php file of MedDream PACS Premium version 7.3.6.870. This vulnerability allows attackers to execute arbitrary JavaScript by sending specially crafted URLs that exploit the phpexe parameter. The issue arises because the application fails to properly sanitize user input before displaying it, enabling the injection of malicious scripts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the Pacs/config.php endpoint with the phpexe parameter set to a crafted value, such as a script tag containing JavaScript code. The response will include the injected script, executed as part of the page.

Remediation

Users are advised to update to the patched version released by the vendor.

Added: Jan 20, 2026, 4:06 PM
Updated: Jan 20, 2026, 4:06 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.2
remediation
0.0
relevance
2.1
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.