Public drchrono bug reports.

Team Bounty Title
drchrono $50 Information Disclosure
drchrono $50 Bug Report
drchrono $50 User with no permissions can create, edit, delete favorite prescriptions /erx/
drchrono $50 Bypassing Password Reset
drchrono - XSS in Blog
drchrono $50 User with no permissions can access full wdcalendar feed
drchrono $50 Stored XSS via AngularJS Injection
drchrono $50 [CRITICAL] CSRF leading to account take over
drchrono $100 Angular injection in the profile name of onpatient
drchrono $50 Template stored XSS
drchrono $50 - Information Disclosure and Windows Host Exposed
drchrono $50 Ngnix Server version disclosure
drchrono $50 Bypass password complexity requirements on passsword reset page
drchrono $100 Security Issue : CSRF Token Design Flaw
drchrono $100 Request Accepts without X-CSRFToken [ Header - Cookie ]
drchrono $100 CSRF Add Album On
drchrono $100 Accessing all appointments vulnerability
drchrono $150 Create and Update patients vulnerability
drchrono $700 XML Parser Bug: XXE over which leads to RCE