CWE-79

High likelihood

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

44,968 vulnerabilities with CWE-79
CVE-2025-58095 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via imagedir Parameter
CVSS 6.1
CVE-2025-58094 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via worklistsrc Parameter
CVSS 6.1
CVE-2025-58093 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via phpdir Parameter
CVSS 6.1
CVE-2025-58092 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via phpexe Parameter
CVSS 6.1
CVE-2025-58091 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via thumbnaildir Parameter
CVSS 6.1
CVE-2025-58090 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via uploaddir Parameter
CVSS 6.1
CVE-2025-58089 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via config.php longtermdir Parameter
CVSS 6.1
CVE-2025-58088 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via archivedir Parameter
CVSS 6.1
CVE-2025-58087 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via Status Parameter
CVSS 6.1
CVE-2025-58080 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via modifyHL7App
CVSS 6.1
CVE-2025-57881 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via ModifyEmail Functionality
CVSS 6.1
CVE-2025-57787 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via modifyRoute Functionality
CVSS 6.1
CVE-2025-57786 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via NotifyNewStudy Functionality
CVSS 6.1
CVE-2025-55071 MEDIUM
MedDream PACS Premium 7.3.6.870 - XSS
CVSS 6.1
CVE-2025-54861 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via modifyCoercion
CVSS 6.1
CVE-2025-54853 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting in modifyUser Functionality
CVSS 6.1
CVE-2025-54852 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via modifyAeTitle
CVSS 6.1
CVE-2025-54817 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via autoPurge Functionality
CVSS 6.1
CVE-2025-54814 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting in modifyAutopurgeFilter
CVSS 6.1
CVE-2025-54778 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting in ExistingUser Functionality
CVSS 6.1
CVE-2025-54495 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting via Email Failed Job Functionality
CVSS 6.1
CVE-2025-54157 MEDIUM
MedDream PACS Premium 7.3.6.870 - Reflected Cross-Site Scripting in EncapsulatedDoc Functionality
CVSS 6.1
CVE-2025-53854 MEDIUM
MedDream PACS Premium 7.3.6.870 - XSS
CVSS 6.1
CVE-2025-53707 MEDIUM
MedDream PACS Premium 7.3.6.870 - XSS
CVSS 6.1
CVE-2025-53516 MEDIUM
MedDream PACS Premium 7.3.6.870 - XSS
CVSS 6.1
Details
Vulnerabilities 44,968
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits