CVE-2025-44000

6.1 MEDIUM

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript code by tricking users into clicking malicious URLs. This affects healthcare organizations using the vulnerable version of this medical imaging software. Attackers could steal session cookies, redirect users, or perform actions on their behalf.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the sendOruReport functionality. Requires user interaction (clicking malicious link).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Attacker steals administrator session cookies, gains full system access, exfiltrates patient medical data, and potentially modifies medical images or reports.

🟠 Likely Case: Attacker steals user session cookies to access patient data, performs phishing attacks, or redirects users to malicious sites.

🟢 If Mitigated: Limited impact due to proper input validation, output encoding, and Content Security Policy preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple reflected XSS requiring user to click crafted URL. No authentication required to trigger vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://talosintelligence.com/vulnerability_reports/TALOS-2025-2270

Restart Required: No

Instructions:

1. Contact MedDream vendor for patch information.
2. Apply vendor-provided patch.
3. Test sendOruReport functionality after patching.

🔧 Temporary Workarounds

Input Validation Filter (Platform: all)

  • Implement server-side input validation to sanitize user input in sendOruReport parameters
  • Implement regex filtering for script tags and JavaScript events in URL parameters

Output Encoding (Platform: all)

  • Apply proper output encoding to all user-controlled data in sendOruReport responses
  • Use HTML entity encoding for all dynamic content in sendOruReport output

🧯 If You Can't Patch

  • Implement Web Application Firewall (WAF) with XSS protection rules
  • Deploy Content Security Policy (CSP) headers to restrict script execution

🔍 How to Verify

Check if Vulnerable:

Test sendOruReport endpoint with XSS payloads like <script>alert('XSS')</script> in URL parameters

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Retest with same XSS payloads and verify scripts do not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript in sendOruReport requests
  • Multiple failed XSS attempts

Network Indicators:

  • HTTP requests to sendOruReport with suspicious parameters
  • External JavaScript loading from unexpected sources

SIEM Query:

source="web_logs" AND uri="*sendOruReport*" AND (param="*<script>*" OR param="*javascript:*")
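As an added example (not part of this advisory or of the vendor's tooling), the log indicators above can be checked offline with a small scanner: it parses constructed combined-format access-log lines, keeps only requests to the sendOruReport endpoint, and flags parameters whose fully percent-decoded value contains script-like markers. The endpoint path and log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOGS = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /sendOruReport?study=123&name=John HTTP/1.1" 200 512
10.0.0.7 - - [12/May/2025:10:01:09 +0000] "GET /sendOruReport?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640
10.0.0.9 - - [12/May/2025:10:02:15 +0000] "GET /sendOruReport?target=javascript:alert(1) HTTP/1.1" 200 600
10.0.0.9 - - [12/May/2025:10:03:20 +0000] "GET /viewer?name=%3Cscript%3E HTTP/1.1" 200 300
10.0.0.11 - - [12/May/2025:10:04:00 +0000] "GET /sendOruReport?note=%253Cscript%253E HTTP/1.1" 200 420
"""

# Minimal parser for the combined log format (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers the page's SIEM query looks for, plus inline event handlers (onload=, onerror=, ...).
XSS_MARKERS = re.compile(r'<\s*script|javascript\s*:|\bon[a-z]+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo up to max_rounds layers of percent-encoding; double encoding evades single-pass matching."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(uri):
    """Return names of query parameters whose decoded value contains a script-like marker."""
    query = urlsplit(uri).query
    # parse_qsl already removes one layer of percent-encoding; fully_decode handles the rest.
    return [k for k, v in parse_qsl(query, keep_blank_values=True) if XSS_MARKERS.search(fully_decode(v))]


def scan_logs(text, endpoint="sendOruReport"):
    """Yield one hit per request to `endpoint` that carries at least one suspicious parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or endpoint not in m.group("uri"):
            continue
        params = suspicious_params(m.group("uri"))
        if params:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "params": params})
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(hit)
```

Note that the fifth sample line is double-encoded, so a wildcard match on the raw URI (as in the SIEM query above) would miss it; decoding before matching is what makes the detection hold.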
