CNNVD-202601-3230 Information

CNNVD ID

CNNVD-202601-3230

Related CVE

CVE-2025-58090

• CNNVD Published: 2026-01-20

Description (Chinese)

MedDream PACS Premium是MedDream公司的一款企业级图像存储与管理服务器套件。 MedDream PACS Premium 7.3.6.870版本存在跨站脚本漏洞，该漏洞源于config.php功能中uploaddir参数存在反射型跨站脚本漏洞，可能导致执行任意javascript代码。

Description (English)

MedDream PACS Premium is an enterprise-level image storage and management server suite for MedDream. MedDream PACS Premium 7.3.6.870 has a cross-site script loophole, which stems from the reflect-type cross-station script gap in the preloaddir parameter in the config.php function, which may lead to the implementation of any javascript code.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

MedDream

Published

2026-01-20

Last Modified

2026-02-24

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271 https://access.redhat.com/security/cve/cve-2025-58090

Patch

https://meddream.com/products/meddream-pacs-server/