drchrono - HackerOne Reports
View on HackerOne7
Total Reports
0
Critical
0
High
0
Medium
0
Low
Angular injection in the profile name of onpatient
Reported by:
yaworsk
|
Disclosed:
Weakness: Cross-site Scripting (XSS) - Generic
User with no permissions can access full wdcalendar feed
Reported by:
yaworsk
|
Disclosed:
Weakness: Improper Authentication - Generic
SSL/TLS BEAST ATTACK
Reported by:
d0rkerdevil
|
Disclosed:
Weakness: Cryptographic Issues - Generic
CSRF Add Album On onpatient.com
Reported by:
hussain_0x3c
|
Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Create and Update patients vulnerability
Reported by:
cliantech
|
Disclosed:
Weakness: Privilege Escalation
Request Accepts without X-CSRFToken [ Header - Cookie ]
Reported by:
hussain_0x3c
|
Disclosed:
Weakness: Improper Authentication - Generic
User with no permissions can create, edit, delete favorite prescriptions /erx/
Reported by:
yaworsk
|
Disclosed:
Weakness: Improper Authentication - Generic