Brady Miller

50 exploits, active since Aug 2017
CVE-2022-2494 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
CVSS 5.4
CVE-2022-2729 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.1 - XSS
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 5.4
CVE-2022-2730 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.1 - IDOR
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 6.5
CVE-2022-2731 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.1 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 6.1
CVE-2022-2732 HIGH WRITEUP
Open-emr Openemr < 7.0.0.1 - Missing Authorization
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 8.3
CVE-2022-2733 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.1 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 6.1
CVE-2022-2734 MEDIUM WRITEUP
openemr/openemr <7.0.0.1 - Info Disclosure
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 5.4
CVE-2022-4502 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.2 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 6.1
CVE-2022-4503 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.2 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 6.1
CVE-2022-4504 HIGH WRITEUP
Open-emr Openemr < 7.0.0.2 - Improper Input Validation
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 7.5
CVE-2022-4506 HIGH WRITEUP
Open-emr Openemr < 7.0.0.2 - Unrestricted File Upload
Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 8.8
CVE-2022-4567 HIGH WRITEUP
GitHub openemr/openemr <7.0.0.2 - Info Disclosure
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 8.1
CVE-2022-4733 MEDIUM WRITEUP
Open-emr Openemr < 7.0.0.2 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 4.8
CVE-2023-2566 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 4.8
CVE-2023-2674 MEDIUM WRITEUP
GitHub openemr/openemr <7.0.1 - Info Disclosure
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 4.3
CVE-2023-2944 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - Improper Access Control
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 5.4
CVE-2023-2945 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - Missing Authorization
Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 5.4
CVE-2023-2947 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - XSS
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 4.8
CVE-2023-2948 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - XSS
Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 6.1
CVE-2023-2949 MEDIUM WRITEUP
Open-emr Openemr < 7.0.1 - XSS
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 6.1
CVE-2025-29772 MEDIUM WRITEUP
Open-emr Openemr < 7.0.3 - XSS
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vulnerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.
CVSS 6.1
CVE-2025-29789 HIGH WRITEUP
Open-emr Openemr < 7.0.3 - Path Traversal
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
CVSS 7.5
CVE-2025-30149 MEDIUM WRITEUP
OpenEMR - XSS
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.
CVSS 6.4
CVE-2025-30161 MEDIUM WRITEUP
OpenEMR - Stored XSS
OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
CVSS 5.4
CVE-2025-67645 HIGH WRITEUP
Open-emr Openemr - Improper Access Control
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.
CVSS 8.8