drchrono: User with no permissions can create, edit, delete favorite prescriptions /erx/
Hi All, I believe I've found a vulnerability with regards to creating, editing and deleting favorite prescriptions. Description I have a doctor's organization with a staff member who has no permissions. If I visit https://1337test.drchrono.com/erx/ I get permission denied. However, I can create,...
drchrono: Bypassing Password Reset
Open the password reset link. Change the link to the link below: https://drchrono.com/accounts/password/reset/complete. It shows that I changed the password successfully. But I did not...
drchrono: XSS in Blog
Information disclosure: information disclosure in your blog www.drchrono.com/blog/readme.html. LaTeX HTML element XSS: LaTeX HTML element XSS on Jetpack 3.9.1. Your blog is currently running an outdated version 3.9.1 of Jetpack. Prove...
drchrono: Stored XSS via AngularJS Injection
Hi All, I've found a stored XSS vulnerability via an Angular template injection in the messages referral address field. Description After visiting https://1337test.drchrono.com/messages/referrals/contacts/, you can enter new contact information. In the field for the address, if you enter 55, when the...
drchrono: Template stored XSS
The template field names are not escaped properly, which gives an opportunity to inject HTML tags with JavaScript there. 1. Log into your account 2. Open the template builder https://%yourdomain%.drchrono.com/clinical/advancedformbuilder 3. Create a new template with a field called 4. Save the...
drchrono: Nginx server version disclosure
Hey, I have noticed that the 403 Forbidden page of drchrono shows the Nginx server version! As you can see in the attached picture, or you can go to this URL https://www.drchrono.com/sitemedia/...
drchrono: Create and Update patients vulnerability
Hi there, This is a vulnerability in the Create and Update permission in drchrono. When you try to modify the role of a certain staff member and uncheck Create and Update patients, it is supposed to bar your staff from updating users. But this does not appear to be true. Yes, a "You do not have permission ...
drchrono: XML Parser Bug: XXE over which leads to RCE
Hello security team, I reported this issue on Feb 6, 2015 and I'm resubmitting it here again. I was able to do an XXE attack on your site and expose the /etc/passwd file. Scenario: 1. Log in to the drchrono site. 2. Click on Patients - Patient. 3. Click on 'Update patient via C-CDA XML.' 4. Select the fi...
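The report above describes an XXE attack through the C-CDA XML patient import. The following is an added example, not code from the report or from drchrono, showing what such a payload looks like and one way a server-side import handler can refuse it: reject any DTD or entity declaration before parsing, and additionally disable external entity resolution on the parser. The C-CDA fragments, the element names collected and the function names are constructed for illustration.

```python
import io
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges, feature_external_pes

# Constructed sample (hypothetical, not taken from the report): a minimal
# C-CDA-like document carrying the external-entity declaration an XXE
# payload uses to pull a local file into a parsed element.
MALICIOUS_CCDA = b"""<?xml version="1.0"?>
<!DOCTYPE ClinicalDocument [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<ClinicalDocument xmlns="urn:hl7-org:v3">
  <recordTarget><patientRole><patient>
    <name><given>&xxe;</given><family>Doe</family></name>
  </patient></patientRole></recordTarget>
</ClinicalDocument>
"""

# Constructed benign upload with the same structure and no DTD.
BENIGN_CCDA = b"""<?xml version="1.0"?>
<ClinicalDocument xmlns="urn:hl7-org:v3">
  <recordTarget><patientRole><patient>
    <name><given>Jane</given><family>Doe</family></name>
  </patient></patientRole></recordTarget>
</ClinicalDocument>
"""


class XXEAttempt(ValueError):
    """Raised when an upload carries a DTD or entity declaration."""


class _NameCollector(ContentHandler):
    """Collects the text of <given>/<family>; enough to show the parse worked."""

    def __init__(self):
        super().__init__()
        self.names = {}
        self._current = None

    def startElement(self, name, attrs):
        if name in ("given", "family"):
            self._current = name
            self.names[name] = ""

    def characters(self, content):
        # expat may deliver text in several chunks; concatenate them.
        if self._current is not None:
            self.names[self._current] += content

    def endElement(self, name):
        if name == self._current:
            self._current = None


def parse_ccda_patient_name(data: bytes) -> dict:
    """Parse an uploaded C-CDA document and return the patient's given/family name.

    Policy assumed here: a patient-import upload never legitimately needs a
    DOCTYPE or ENTITY declaration, so their presence is treated as an attack
    and the document is rejected before any parser sees it.
    """
    lowered = data.lower()
    if b"<!doctype" in lowered or b"<!entity" in lowered:
        raise XXEAttempt("DTD/entity declarations are not accepted in C-CDA uploads")

    parser = xml.sax.make_parser()
    # Defence in depth: even if a DTD slipped past the check above, the
    # expat-backed SAX parser must not fetch external general or parameter
    # entities (file://, http://, ...).
    parser.setFeature(feature_external_ges, False)
    parser.setFeature(feature_external_pes, False)

    handler = _NameCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(data))
    return handler.names


if __name__ == "__main__":
    print("benign:", parse_ccda_patient_name(BENIGN_CCDA))
    try:
        parse_ccda_patient_name(MALICIOUS_CCDA)
    except XXEAttempt as exc:
        print("malicious rejected:", exc)
```

The byte-level check runs first because it does not depend on any parser's entity-handling defaults; the parser features are the second line of defence for documents that reach the parser through some other code path.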
drchrono Electronic Health Record (EHR) web applications vulnerable to cross-site scripting and cross-site request forgery
Overview drchrono Electronic Health Record (EHR) web applications allow cross-site scripting (XSS) and cross-site request forgery (CSRF) that could allow an attacker to obtain sensitive patient information. Description drchrono provides an EHR web application service at drchrono.com, onpatient.com, and...