CNNVD-202601-3232 Information
Jan 20, 2026
cve
CNNVD ID
CNNVD-202601-3232
Related CVE
- CNNVD Published: 2026-01-20
Description (Chinese)
MedDream PACS Premium是MedDream公司的一款企业级图像存储与管理服务器套件。 MedDream PACS Premium 7.3.6.870版本存在跨站脚本漏洞,该漏洞源于config.php功能中thumbnaildir参数存在反射型跨站脚本漏洞,可能导致执行任意javascript代码。
Description (English)
MedDream PACS Premium is an enterprise-level image storage and management server suite for MedDream. MedDream PACS Premium 7.3.6.870 has a cross-site script loophole, which stems from the reflection-type cross-station script gap in the thumbnaildir parameters in the config.php function, which may lead to the implementation of any javascript code.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
MedDream
Published
2026-01-20
Last Modified
2026-02-24
References
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271
Patch
https://meddream.com/products/meddream-pacs-server/
Share on: