CVE-2025-58093 MEDIUM

CVE-2025-58093

Vendor Meddream

Product MedDream PACS Premium

Weakness CWE-79 · XSS

Published January 20, 2026

Last update January 21, 2026

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Multiple reflected cross-site scripting (xss) vulnerabilities exist in the config.php functionality of MedDream PACS Premium 7.3.6.870. Specially crafted malicious URLs can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger these vulnerabilities.This vulnerability affects the phpdir parameter.

Key dates

02Disclosure timeline

January 20, 2026 CVE published

January 21, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-58093

Related vulnerabilities

04Related CVE

CVE-2022-3014 SourceCodester Simple Task Managing System cross site scripting CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet CVE-2025-28865 WordPress WP Colorful Tag Cloud plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-33987 Cross-Site Scripting (XSS) vulnerability in Janobe products CVE-2025-5532 Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting