CVE-2025-46270

CVSS score: 6.1 (MEDIUM)

📋 TL;DR

A reflected cross-site scripting vulnerability in MedDream PACS Premium allows attackers to execute arbitrary JavaScript in a victim's browser by tricking users into clicking malicious URLs. This affects healthcare organizations running the vulnerable version of the medical imaging software. The vulnerability enables client-side attacks against authenticated users.

💻 Affected Systems

Products:
  • MedDream PACS Premium
Versions: 7.3.6.870
Operating Systems: All platforms running MedDream PACS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires user interaction (clicking a malicious link) and an authenticated session with access to the fetchPriorStudies functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.

🟠 Likely Case

Session hijacking, credential theft, or redirection to phishing sites targeting healthcare staff.

🟢 If Mitigated

Limited impact if proper input validation and output encoding are implemented, though user interaction is still required.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires crafting malicious URLs and social engineering to get users to click them.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Contact MedDream vendor for patch information.
2. Apply vendor-provided security update.
3. Test in non-production environment first.

🔧 Temporary Workarounds

Input Validation and Output Encoding

Applies to: all platforms

Implement proper input validation and output encoding for the fetchPriorStudies parameter:

  • Implement server-side validation of URL parameters
  • Apply HTML entity encoding to user-controlled output

Content Security Policy

Applies to: all platforms

Implement strict Content Security Policy headers to mitigate XSS impact:

  • Add a Content-Security-Policy header whose script-src directive restricts the origins scripts may load from; reflected XSS depends on inline script execution, so the policy should not allow it

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Restrict access to the vulnerable endpoint using network segmentation

🔍 How to Verify

Check if Vulnerable:

Test the fetchPriorStudies endpoint with XSS payloads in URL parameters

Check Version:

Check MedDream PACS version in administration interface or configuration files

Verify Fix Applied:

Verify that XSS payloads are properly sanitized and do not execute

📡 Detection & Monitoring

Log Indicators:

  • Unusual URL parameters containing script tags or JavaScript in fetchPriorStudies requests
  • Repeated requests from the same source carrying script-like payloads (each attempt is logged as a request, whether or not the reflection succeeded)

Network Indicators:

  • HTTP requests with suspicious parameters to fetchPriorStudies endpoint
  • URLs containing encoded JavaScript payloads

SIEM Query:

source="web_logs" AND uri="*fetchPriorStudies*" AND (param="*<script>*" OR param="*javascript:*")
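Added here as a defender's example, not part of the advisory or the vendor's software: a small Python scan over constructed access-log lines that applies the indicators above and the SIEM query, and also catches what a literal `*<script>*` match misses, namely percent-encoded and double-encoded payloads. The combined log format, the `/pacs/fetchPriorStudies` path and the sample entries are assumptions for the example.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit
# Constructed sample lines in combined access-log format (not real traffic). Source
# 10.0.0.7 sends a URL-encoded script tag, a javascript: URL and a double-encoded tag.
SAMPLE_LOG = """\
10.0.0.5 - - [12/May/2025:10:01:02 +0000] "GET /pacs/fetchPriorStudies?patientId=12345 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2025:10:01:09 +0000] "GET /pacs/fetchPriorStudies?patientId=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 913 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2025:10:01:15 +0000] "GET /pacs/fetchPriorStudies?callback=javascript%3Avoid(0) HTTP/1.1" 200 901 "-" "Mozilla/5.0"
10.0.0.9 - - [12/May/2025:10:02:00 +0000] "GET /pacs/viewer?study=1 HTTP/1.1" 200 4432 "-" "Mozilla/5.0"
10.0.0.7 - - [12/May/2025:10:02:30 +0000] "GET /pacs/fetchPriorStudies?patientId=%253Cscript%253E HTTP/1.1" 200 913 "-" "Mozilla/5.0"
"""

# Client IP, timestamp and request target of a combined-format line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*"')
# The two markers the advisory names; extend the alternation as needed.
XSS_MARKERS = re.compile(r'<\s*script|javascript\s*:', re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded payloads are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(log_text):
    """One hit per fetchPriorStudies parameter value that contains a script marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the scan
        url = urlsplit(m['target'])
        if 'fetchPriorStudies' not in url.path:
            continue
        # parse_qs removes one layer of encoding; fully_decode handles any further layers.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            for raw in values:
                decoded = fully_decode(raw)
                if XSS_MARKERS.search(decoded):
                    hits.append({'ip': m['ip'], 'ts': m['ts'], 'param': name, 'value': decoded})
    return hits

def repeat_offenders(hits, threshold=2):
    """Sources with several flagged requests (the 'repeated requests' indicator above)."""
    counts = Counter(h['ip'] for h in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

On the constructed sample the scan flags the three requests from 10.0.0.7 (the double-encoded one included) and leaves the benign patientId and viewer requests alone.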
