CVE-2025-32731

{"id": "CVE-2025-32731", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-07-28T14:15:26.930", "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2176", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2176", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (xss) vulnerability exists in the radiationDoseReport.php functionality of meddream MedDream PACS Premium 7.3.5.860. A specially crafted malicious url can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad Cross-Site Scripting (XSS) reflejado en la funci\u00f3n radiationDoseReport.php de meddream MedDream PACS Premium 7.3.5.860. Una URL especialmente maliciosa puede provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario. Un atacante puede proporcionar una URL manipulada para activar esta vulnerabilidad."}], "lastModified": "2025-11-03T20:18:28.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:meddream:pacs_server:7.3.5.860:*:*:*:premium:*:*:*", "vulnerable": true, "matchCriteriaId": "3694B0C9-4BB8-4D86-9043-75967FECDA4E"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}