Total: 25 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2024-57601 | 1 Easyappointments | 1 Easyappointments | 2025-09-29 | N/A | 6.1 MEDIUM | Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter. |
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2025-03-18 | N/A | 9.8 CRITICAL | An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. |
| CVE-2023-2105 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 8.8 HIGH | Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-2104 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM | Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-2103 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 5.4 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-2102 | 1 Easyappointments | 1 Easyappointments | 2025-02-06 | N/A | 4.8 MEDIUM | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-3700 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 6.3 MEDIUM | Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-3290 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 5.0 MEDIUM | A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. |
| CVE-2023-3289 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 7.7 HIGH | A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. |
| CVE-2023-3288 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 8.5 HIGH | A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. |
| CVE-2023-3287 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. |
| CVE-2023-3286 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 7.7 HIGH | A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. |
| CVE-2023-38055 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.6 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38054 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38053 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38052 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38051 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38050 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.1 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38049 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38048 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.9 CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-38047 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 8.5 HIGH | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation. |
| CVE-2023-1367 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 3.8 LOW | Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2023-1269 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | N/A | 9.8 CRITICAL | Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. |
| CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. |
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. |