frankverbeke CVE Debriefs

MEDIUM frankverbeke CVE published 2026-06-09

CVE-2026-25860

CVE-2026-25860 is a reflected cross-site scripting (XSS) vulnerability in OpenClinic GA 5.351.19. The vulnerability exists in the DICOM image upload handler, allowing attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with JavaScript payloads in metadata fields such as Study Description, which are [truncated]

frankverbeke CVE debriefs

CVE-2026-25860