MedDream
Products
2- 32 CVEs
- 3 CVEs
Recent CVEs
35| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-36521 | Hig | 0.57 | 8.8 | 0.00 | May 1, 2025 | MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation. | ||
| CVE-2025-35975 | Hig | 0.57 | 8.8 | 0.00 | May 1, 2025 | MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation. | ||
| CVE-2025-54817 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability. | |||
| CVE-2025-53516 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54495 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54157 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54778 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-46270 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-55071 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54852 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54861 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-57881 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-58080 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-53854 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-57787 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-53707 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-54853 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-57786 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-44000 | 0.00 | — | 0.00 | Jan 20, 2026 | A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | |||
| CVE-2025-58095 | 0.00 | — | 0.00 | Jan 20, 2026 | Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the imagedir parameter. |
- risk 0.57cvss 8.8epss 0.00
MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user must open a malicious DCM file for exploitation.
- risk 0.57cvss 8.8epss 0.00
MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious DCM file for exploitation.
- CVE-2025-54817Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the autoPurge functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a URL to a malicious website to trigger this vulnerability.
- CVE-2025-53516Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the downloadZip functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54495Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the emailfailedjob functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54157Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the encapsulatedDoc functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54778Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-46270Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the fetchPriorStudies functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-55071Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyAnonymize functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54852Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyAeTitle functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54861Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyCoercion functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-57881Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-58080Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7App functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-53854Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyHL7Route functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-57787Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyRoute functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-53707Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyTranscript functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-54853Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the modifyUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-57786Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-44000Jan 20, 2026risk 0.00cvss —epss 0.00
A reflected cross-site scripting (xss) vulnerability exists in the sendOruReport functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability.
- CVE-2025-58095Jan 20, 2026risk 0.00cvss —epss 0.00
Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the imagedir parameter.