Sante Pacs Server
CVE-2025-54759
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
AnalysisAI
Sante PACS Server is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie. Affected products include: Santesoft Sante Pacs Server.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
More in Sante Pacs Server
View allSante PACS Server contains an unauthenticated path traversal vulnerability that allows remote attackers to download arbi
During login to the web server in "Sante PACS Server.exe", OpenSSL function EVP_DecryptUpdate is called to decrypt the u
Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8),
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4
Sante PACS Server web portal is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 4.8), this vulner
The Sante PACS Server Web Portal sends credential information without encryption. Rated critical severity (CVSS 9.1), th
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a deni
Sante PACS Server URL path Memory Corruption Denial-of-Service Vulnerability. Rated high severity (CVSS 7.5), this vulne
Sante PACS Server DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium severity (CVSS 5
Sante PACS Server Web Portal DCM File Parsing Directory Traversal Arbitrary File Write Vulnerability. Rated medium sever
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Sante PACS Server Web Portal DCM File Parsing Memory Corruption Denial-of-Service Vulnerability. Rated medium severity (
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today