17 matches found
CVE-2026-25131 OpenEMR has Broken Access Control in Procedures Configuration
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in the OpenEMR order types management system, allowing low-privilege users such as Receptionist to add and modify procedure...
CVE-2022-20948
A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker cou...
CVE-2022-20948 Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripting Vulnerability
A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker cou...
Hospital Management System v1.0 - Stored Cross Site Scripting Vulnerability
Exploit Title: Hospital Management System v1.0 - Stored Cross Site Scripting XSS Exploit Author: Sandeep Vishwakarma Vendor Homepage: https://code-projects.org Software Link: https://code-projects.org/hospital-management-system-in-php-css-javascript-and-mysql-free-download/ Version: v1.0 Tested o...
Broken Access Controls in Practice settings
Description We observed that a receptionist user can add a Pharmacy in the Practice Settings section, although this area is restricted to receptionist users. Proof of Concept REQUEST: POST /openemr/controller.php?practicesettings&pharmacy&action=edit HTTP/1.1 Host: demo.openemr.io Cookie: OpenEMR=...
The vulnerability in the web interface of Cisco BroadWorks Hosted Thin Receptionist allows an attacker to disclose protected information.
The vulnerability of the Cisco BroadWorks Hosted Thin Receptionist software’s web interface exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...
Cisco BroadWorks Cross-Site Scripting Vulnerability
Cisco BroadWorks is a carrier-grade unified communications software platform from Cisco. It is used to deploy cloud calls from public network platforms on any type of wired or wireless network architecture. A cross-site scripting vulnerability exists in Cisco BroadWorks Hosted Thin Receptionist,...
PT-2022-5298 · Cisco · Cisco Broadworks Hosted Thin Receptionist
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks Hosted Thin Receptionist (affected versions not specified) Description: A vulnerability in the web management interface could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o...
Improper authorization - receptionist can read all Clinic reports
Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...
Improper Privilege Management - receptionist can view background services and log for admin
Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Log in as receptionist and see that you don't see Reports...
Improper authorization - receptionist can read all secure messaging
Description Hi there openemr maintainers, I would like to report an improper authorization vulnerability in your source code. Proof of Concept 1. Install openemr in your system and create an admin account and a receptionist account 2. Use admin account and create a secure message by going to Portal...
Receptionist for iPad Information Disclosure Vulnerability
Receptionist for iPad is a visitor management application. An information disclosure vulnerability exists in Receptionist for iPad version 4.0.4. A local attacker can exploit the vulnerability to obtain sensitive information...
CVE-2018-17502
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...
Design/Logic Flaw
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...
CVE-2018-17502
The Receptionist for iPad could allow a local attacker to obtain sensitive information, caused by an error in the contact.json file. An attacker could exploit this vulnerability to obtain the contact names, phone numbers and emails...
CVE-2018-17502
The Receptionist for iPad contains an information-disclosure vulnerability (CVE-2018-17502) where an error in the contact.json file allows a local attacker to obtain sensitive data (contact names, phone numbers, emails). This is a local access issue with no authentication required, exposing perso...
Visitor Kiosk Access Systems Riddled with Bugs
Visitor-management systems protect business against physical threats such as unwanted and unidentified guests. But many of these lobby-based perimeter checkpoints are opening up companies to a bevy of cyber-threats. On Monday, IBM’s penetration testing team, X-Force Red, released a report that...