Brady Miller

56 exploits Active since Aug 2017
CVE-2023-2949 WRITEUP MEDIUM WRITEUP
OpenEMR < 7.0.1 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 6.1
CVE-2025-29772 WRITEUP MEDIUM WRITEUP
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via hidden_subcategory Parameter
OpenEMR is a free and open source electronic health records and medical practice management application. The POST parameter hidden_subcategory is output to the page without being properly processed. This leads to a reflected cross-site scripting (XSS) vul;nerability in CAMOS new.php. This vulnerability is fixed in 7.0.3.
CVSS 6.1
CVE-2025-29789 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.3 - Path Traversal via Load Code Feature
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue.
CVSS 7.5
CVE-2025-30149 WRITEUP MEDIUM WRITEUP
OpenEMR < 7.0.3 - Reflected Cross-Site Scripting via AJAX Script Target Parameter
OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. This vulnerability is fixed in 7.0.3.
CVSS 6.4
CVE-2025-30161 WRITEUP MEDIUM WRITEUP
OpenEMR < 7.0.3 - Stored Cross-Site Scripting in Bronchitis Form
OpenEMR is a free and open source electronic health records and medical practice management application. A stored XSS vulnerability in the Bronchitis form component of OpenEMR allows anyone who is able to edit a bronchitis form to steal credentials from administrators. This vulnerability is fixed in 7.0.3.
CVSS 5.4
CVE-2025-67645 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.4 - Authenticated Improper Access Control via Profile Edit Endpoint
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.0.4 have a broken access control in the Profile Edit endpoint. An authenticated normal user can modify the request parameters (pubpid / pid) to reference another user’s record; the server accepts the modified IDs and applies the changes to that other user’s profile. This allows one user to alter another user’s profile data (name, contact info, etc.), and could enable account takeover. Version 7.0.4 fixes the issue.
CVSS 8.8