Volerion logoVolerion
Volerion logoVolerion

MedDream PACS Premium Reflected Cross-Site Scripting Vulnerability in Config.php

Vulnerability

A reflected cross-site scripting vulnerability has been identified in the config.php file of MedDream PACS Premium version 7.3.6.870. This vulnerability allows attackers to execute arbitrary JavaScript by sending specially crafted URLs that exploit the worklistsrc parameter. The issue arises because the application fails to properly sanitize user input before displaying it, enabling the injection of malicious scripts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious JavaScript in the context of the user's browser.

Reproduction

To reproduce this vulnerability, send a POST request to the Pacs/config.php endpoint with the worklistsrc parameter set to a crafted value that includes JavaScript code, such as a script tag. The injected script will be executed in the user's browser when the response is received.

Remediation

Users are advised to update to the patched version released by the vendor.

Added: Jan 20, 2026, 4:03 PM
Updated: Jan 20, 2026, 4:03 PM

Vulnerability Rating

Custom Algorithm
spread
0.3
impact
1.7
exploitability
7.2
remediation
0.0
relevance
2.2
threat
6.4
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.