CVE-2025-46270
BaseFortify
Publication date: 2026-01-20
Last updated on: 2026-01-29
Assigner: Talos
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| meddream | pacs_server | 7.3.6.870 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46270 is a reflected cross-site scripting (XSS) vulnerability in the fetchPriorStudies functionality of MedDream PACS Premium version 7.3.6.870. It occurs because the application improperly sanitizes the 'uid' parameter in the HTTP GET request, embedding it directly into the HTML output without encoding. An attacker can craft a malicious URL containing JavaScript code in this parameter, which will execute in the victim's browser when the URL is accessed after authentication. [1]
How can this vulnerability impact me? :
This vulnerability allows an attacker to execute arbitrary JavaScript code in the context of a victim's browser after they access a maliciously crafted URL. This can lead to theft of sensitive information, session hijacking, or performing actions on behalf of the user within the application. The CVSS score indicates a low to moderate impact on confidentiality and integrity, with no impact on availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the fetchPriorStudies.php endpoint for reflected XSS in the uid parameter. You can use curl or similar tools to send a crafted HTTP GET request with a script tag in the uid parameter and observe if the response reflects the script without sanitization. For example, use the command: curl -i "http://<target>/Pacs/fetchPriorStudies.php?uid=<script>alert(1)</script>&remoteae=abc" and check if the response HTML contains the injected script tag. If the script is reflected in the response, the vulnerability is present. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the vendor patch released on December 5, 2025, which addresses this vulnerability. Until the patch is applied, restrict access to the vulnerable endpoint to trusted users only, and consider implementing web application firewall (WAF) rules to detect and block requests containing suspicious script tags in the uid parameter. Additionally, educate users to avoid clicking on untrusted URLs that may exploit this vulnerability. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.