Talos Vulnerability Report - TALOS-2025-2269

Summary

CVE Number: CVE-2025-57786

Description: A reflected cross-site scripting (XSS) vulnerability exists in the notifynewstudy functionality of MedDream PACS Premium 7.3.6.870. An attacker can provide a crafted URL to trigger this vulnerability.

Confirmed Vulnerable Versions

MedDream PACS Premium 7.3.6.870

Product URLs

MedDream PACS Premium

CVSSv3 Score

Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Details

Vulnerable Code

Location: script

The parameter is written into the HTML output without sanitization.

Example of malicious request and response:

Timeline

2025-09-02: Vendor Disclosure
2025-12-05: Vendor Patch Release
2026-01-20: Public Release

Credit

Discovered by Marcin 'Icewall' Noga of Cisco Talos.
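A log check for the issue described under Details, as an added example that is not part of the Talos report or of MedDream's code: it flags requests to the notifynewstudy functionality whose query parameters decode to HTML markup, including double-encoded values. The request path, the parameter name `p` and the log lines are constructed placeholders, since the advisory names none of them.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed access-log lines (not from the advisory). The path prefix and the
# parameter name "p" are placeholders; the advisory does not state them.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2026:10:00:01 +0000] "GET /PLACEHOLDER/notifynewstudy?p=1.2.840.113619.2.55 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Feb/2026:10:02:13 +0000] "GET /PLACEHOLDER/notifynewstudy?p=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 640',
    '198.51.100.9 - - [01/Feb/2026:10:05:44 +0000] "GET /PLACEHOLDER/notifynewstudy?p=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 633',
    '192.0.2.11 - - [01/Feb/2026:10:06:02 +0000] "GET /PLACEHOLDER/other?q=%3Cb%3E HTTP/1.1" 404 120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters and patterns that have no place in a parameter echoed into HTML.
MARKUP_RE = re.compile(r'[<>"\']|javascript:|\bon\w+\s*=', re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(lines, endpoint="notifynewstudy"):
    """Return (client, parameter, decoded value) for markup sent to the endpoint."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if endpoint not in url.path.lower():
            continue
        # parse_qsl decodes once; fully_decode handles any further layers.
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if MARKUP_RE.search(value):
                hits.append((line.split()[0], name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in parameter {name!r}: {value!r}")
```

A hit indicates that someone requested a crafted URL, not that script ran in a browser; on the server side the fix for CWE-79 is HTML-encoding the parameter on output, which the vendor patch listed in the timeline addresses.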