stephen waite

11 exploits Active since Mar 2022
CVE-2026-25146 WRITEUP CRITICAL WRITEUP
OpenEMR 5.0.2-7.9.9 - Info Disclosure
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are (at least) two paths where the gateway_api_key secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary money movement or broad account takeover of payment gateway APIs. This vulnerability is fixed in 8.0.0.
CVSS 9.6
CVE-2026-25127 WRITEUP MEDIUM WRITEUP
OpenEMR <8.0.0 - Privilege Escalation
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the server does not properly validate user permission. Unauthorized users can view the information of authorized users. Version 8.0.0 fixes the issue.
CVSS 6.5
CVE-2022-1177 WRITEUP MEDIUM WRITEUP
OpenEMR < 6.1.0 - Insufficient Access Control for Patient Reports
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
CVSS 4.3
CVE-2022-2824 WRITEUP HIGH WRITEUP
GitHub openemr/openemr <7.0.0.1 - Auth Bypass
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVSS 8.8
CVE-2022-4505 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.0.2 - Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 8.8
CVE-2022-4615 WRITEUP MEDIUM WRITEUP
OpenEMR < 7.0.0.2 - Reflected Cross-Site Scripting
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.
CVSS 6.1
CVE-2023-2942 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.1 - Improper Input Validation
Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 8.1
CVE-2023-2943 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.1 - Code Injection
Code Injection in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 8.8
CVE-2023-2946 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.1 - Improper Access Control
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 8.1
CVE-2023-2950 WRITEUP HIGH WRITEUP
OpenEMR < 7.0.1 - Improper Authorization
Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1.
CVSS 8.1
CVE-2024-0875 WRITEUP MEDIUM WRITEUP
OpenEMR 7.0.1 - Stored Cross-Site Scripting via Secure Messaging InputBody Field
A stored cross-site scripting (XSS) vulnerability exists in openemr/openemr version 7.0.1. An attacker can inject malicious payloads into the 'inputBody' field in the Secure Messaging feature, which can then be sent to other users. When the recipient views the malicious message, the payload is executed, potentially compromising their account. This issue is fixed in version 7.0.2.1.
CVSS 4.8