168 matches found
CVE-2023-3568 Open Redirect in alextselegidis/easyappointments
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3568
CVE-2023-3568 is an Open Redirect affecting Easy!Appointments prior to version 1.5.0 (GitHub: alextselegidis/easyappointments). The vulnerability stems from an insecure redirect mechanism, enabling an attacker-controlled redirect path. Public assessments place the impact as a low to moderate seve...
CVE-2023-3568 Open Redirect in alextselegidis/easyappointments
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
PT-2023-25264 · Unknown · Easyappointments
Name of the Vulnerable Software and Affected Versions: easyappointments versions prior to 1.5.0 Description: The issue is related to an Open Redirect in the GitHub repository alextselegidis/easyappointments. Recommendations: For versions prior to 1.5.0, update to version 1.5.0 or later to resolve...
Cross-Site Scripting (XSS)
alextselegidis/easyappointments is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user display name sanitization in backendheader.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...
Session Fixation
alextselegidis/easyappointments, is vulnerable to Session Fixation. The vulnerability exists because the library does not properly limit the admin session time, allowing an attacker to use the access token to continue the session without refreshing the token...
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting
alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit bddc5cbeb7ff237a72943b304dcb01c653781767 and anticipated to be part of version 1.5.0...
GHSA-J6QQ-9939-9JV8 alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting
alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit bddc5cbeb7ff237a72943b304dcb01c653781767 and anticipated to be part of version 1.5.0...
GHSA-4QMM-CV4R-QFR4 alextselegidis/easyappointments Session Fixation vulnerability
alextselegidis/easyappointments is vulnerable to session fixation. The application does not generate a new easession cookie after the user authenticates. A malicious user may create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid,...
GHSA-7M8R-GMC3-3P4V alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting
alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit 46a865300e94c7031cc0e315d95d3e3e56768498 and anticipated to be part of version 1.5.0...
alextselegidis/easyappointments Session Fixation vulnerability
alextselegidis/easyappointments is vulnerable to session fixation. The application does not generate a new easession cookie after the user authenticates. A malicious user may create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid,...
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting
alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit 46a865300e94c7031cc0e315d95d3e3e56768498 and anticipated to be part of version 1.5.0...
CVE-2023-2104
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2105
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2103
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Improper access control
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Session fixation
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2102
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Cross site scripting
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2103 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...