Public drchrono bug reports.

4,419 Bug Reports - $2,030,173 Paid Out

Last Updated: 12th September, 2017

| Team | Bounty | Title |
|---|---|---|
| drchrono | $50 | Information Disclosure |
| drchrono | $50 | Bug Report |
| drchrono | $50 | User with no permissions can create, edit, delete favorite prescriptions /erx/ |
| drchrono | $50 | Bypassing Password Reset |
| drchrono | - | XSS in Blog |
| drchrono | $50 | User with no permissions can access full wdcalendar feed |
| drchrono | $50 | Stored XSS via AngularJS Injection |
| drchrono | $50 | [CRITICAL] CSRF leading to account take over |
| drchrono | $100 | Angular injection in the profile name of onpatient |
| drchrono | $50 | Template stored XSS |
| drchrono | $50 | node.drchrono.com - Information Disclosure and Windows Host Exposed |
| drchrono | $50 | Nginx Server version disclosure |
| drchrono | $50 | Bypass password complexity requirements on password reset page |
| drchrono | $100 | Security Issue : CSRF Token Design Flaw |
| drchrono | $100 | Request Accepts without X-CSRFToken [ Header - Cookie ] |
| drchrono | $100 | CSRF Add Album On onpatient.com |
| drchrono | $100 | Accessing all appointments vulnerability |
| drchrono | $150 | Create and Update patients vulnerability |
| drchrono | $700 | XML Parser Bug: XXE over which leads to RCE |