PacsOne
Products
2- 6 CVEs
- 2 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-25124 | Hig | 0.57 | — | 0.01 | Nov 10, 2025 | PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint… | ||
| CVE-2020-29164 | 0.01 | — | 0.05 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS). | |||
| CVE-2020-29166 | 0.00 | — | 0.02 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | |||
| CVE-2020-29165 | 0.00 | — | 0.02 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges. | |||
| CVE-2020-29163 | 0.00 | — | 0.01 | Feb 3, 2021 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | |||
| CVE-2020-12869 | 0.00 | — | 0.01 | Sep 30, 2020 | RainbowFish PacsOne Server 6.8.4 allows XSS. | |||
| CVE-2020-12715 | 0.00 | — | 0.01 | Sep 30, 2020 | RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. | |||
| CVE-2020-12870 | 0.00 | — | 0.02 | Sep 30, 2020 | RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page. |
- risk 0.57cvss —epss 0.01
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint…
- CVE-2020-29164Feb 3, 2021risk 0.01cvss —epss 0.05
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).
- CVE-2020-29166Feb 3, 2021risk 0.00cvss —epss 0.02
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure.
- CVE-2020-29165Feb 3, 2021risk 0.00cvss —epss 0.02
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which can result in remotely gaining administrator privileges.
- CVE-2020-29163Feb 3, 2021risk 0.00cvss —epss 0.01
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.
- CVE-2020-12869Sep 30, 2020risk 0.00cvss —epss 0.01
RainbowFish PacsOne Server 6.8.4 allows XSS.
- CVE-2020-12715Sep 30, 2020risk 0.00cvss —epss 0.01
RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.
- CVE-2020-12870Sep 30, 2020risk 0.00cvss —epss 0.02
RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.