exploitDog

CVE-2025-58088

Опубликовано: 20 янв. 2026

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271
Exploit
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2271
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meddream:pacs_server:7.3.6.870:*:*:*:premium:*:*:*

EPSS

Процентиль: 11%

0.00036

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-vx96-3pgw-95vh

CVSS3: 6.1

github

19 дней назад

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the archivedir parameter.

EPSS

Процентиль: 11%

0.00036

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79