MedDream PACS Premium
cpe:2.3:a:softneta:meddream_pacs:*:*:*:*:*:*:*
- 7.3.6.870
Multiple reflected cross-site scripting vulnerabilities have been identified in MedDream PACS Premium version 7.3.6.870. These vulnerabilities arise in the config.php functionality, where certain parameters can be manipulated to execute arbitrary JavaScript. The issues stem from the phpdir, archivedir, longtermdir, uploaddir, thumbnaildir, worklistsrc, imagedir, and phpexe parameters, all of which are processed without proper input sanitization, allowing for the injection of malicious scripts.
Exploitation of these vulnerabilities allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
To reproduce this vulnerability, send a POST request to the 'config.php' script with one of the vulnerable parameters (phpdir, archivedir, longtermdir, uploaddir, thumbnaildir, worklistsrc, imagedir, or phpexe) included. The parameter value should be crafted to include JavaScript code, such as a script tag with an alert call. If the specified directory or file does not exist, the injected script will be executed when the response is rendered in the browser.
Users are advised to update to the patched version released by the vendor.
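Until the update is applied, the request shape described above can be flagged wherever POST bodies are visible (reverse proxy, WAF log, packet capture). The following is an added example, not vendor code or part of the original advisory; the sample requests, the '/config.php' URL layout and the character set treated as markup are assumptions.

```python
from urllib.parse import parse_qsl, urlsplit
import re

# Parameters the advisory lists as reflected by config.php.
WATCHED_PARAMS = {
    "phpdir", "archivedir", "longtermdir", "uploaddir",
    "thumbnaildir", "worklistsrc", "imagedir", "phpexe",
}

# Assumption: a legitimate directory or executable path never needs these
# characters, while breaking out of HTML text or an attribute does.
MARKUP = re.compile(r"[<>\"']")

def suspicious_params(method, url, body):
    """Return watched parameter names whose decoded value contains markup."""
    if method.upper() != "POST":
        return []
    if not urlsplit(url).path.lower().endswith("/config.php"):
        return []
    hits = set()
    # parse_qsl percent-decodes once, matching what PHP exposes in $_POST.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(value):
            hits.add(name)
    return sorted(hits)

# Constructed sample traffic: (method, URL, form-encoded body).
SAMPLE_REQUESTS = [
    ("POST", "/config.php", "phpdir=C%3A%5Cphp&archivedir=D%3A%5Carchive"),
    ("POST", "/config.php",
     "phpexe=%3Cscript%3Ealert(1)%3C%2Fscript%3E&imagedir=%2Fvar%2Fimages"),
    ("POST", "/config.php?x=1",
     "thumbnaildir=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&uploaddir=%3Cscript%3E"),
    ("GET", "/config.php", ""),
    ("POST", "/login.php", "user=%3Cscript%3E"),
]

def scan(requests):
    """Return (index, flagged names) for each suspicious request."""
    flagged = ((i, suspicious_params(*req)) for i, req in enumerate(requests))
    return [(i, names) for i, names in flagged if names]

if __name__ == "__main__":
    for index, names in scan(SAMPLE_REQUESTS):
        print(f"request {index}: markup in {', '.join(names)}")
```

A path that legitimately contains an apostrophe will be flagged by this character set, so tune it to the paths actually configured on the server.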