Lucene search
+L

168 matches found

Cvelist
Cvelist
added 2023/07/10 7:28 a.m.33 views

CVE-2023-3568 Open Redirect in alextselegidis/easyappointments

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS6.5AI score0.00434EPSS
Exploits0References2
CVE
CVE
added 2023/07/10 7:28 a.m.41 views

CVE-2023-3568

CVE-2023-3568 is an Open Redirect affecting Easy!Appointments prior to version 1.5.0 (GitHub: alextselegidis/easyappointments). The vulnerability stems from an insecure redirect mechanism, enabling an attacker-controlled redirect path. Public assessments place the impact as a low to moderate seve...

6.3CVSS5.4AI score0.00434EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/10 7:28 a.m.20 views

CVE-2023-3568 Open Redirect in alextselegidis/easyappointments

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS5.1AI score0.00434EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.7 views

PT-2023-25264 · Unknown · Easyappointments

Name of the Vulnerable Software and Affected Versions: easyappointments versions prior to 1.5.0 Description: The issue is related to an Open Redirect in the GitHub repository alextselegidis/easyappointments. Recommendations: For versions prior to 1.5.0, update to version 1.5.0 or later to resolve...

6.3CVSS6.8AI score0.00434EPSS
Exploits0References6
Veracode
Veracode
added 2023/05/19 9:33 a.m.17 views

Cross-Site Scripting (XSS)

alextselegidis/easyappointments is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to a lack of user display name sanitization in backendheader.php, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

4.8CVSS6.5AI score0.00503EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2023/05/19 6:3 a.m.12 views

Session Fixation

alextselegidis/easyappointments, is vulnerable to Session Fixation. The vulnerability exists because the library does not properly limit the admin session time, allowing an attacker to use the access token to continue the session without refreshing the token...

8.8CVSS8.3AI score0.00668EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/15 3:30 p.m.17 views

alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting

alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit bddc5cbeb7ff237a72943b304dcb01c653781767 and anticipated to be part of version 1.5.0...

6.8CVSS4.9AI score0.00503EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2023/04/15 3:30 p.m.13 views

GHSA-J6QQ-9939-9JV8 alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting

alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit bddc5cbeb7ff237a72943b304dcb01c653781767 and anticipated to be part of version 1.5.0...

6.8CVSS4.9AI score0.00503EPSS
Exploits1References4
OSV
OSV
added 2023/04/15 3:30 p.m.61 views

GHSA-4QMM-CV4R-QFR4 alextselegidis/easyappointments Session Fixation vulnerability

alextselegidis/easyappointments is vulnerable to session fixation. The application does not generate a new easession cookie after the user authenticates. A malicious user may create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid,...

5.4CVSS6.7AI score0.00668EPSS
Exploits1References4
OSV
OSV
added 2023/04/15 3:30 p.m.43 views

GHSA-7M8R-GMC3-3P4V alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting

alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit 46a865300e94c7031cc0e315d95d3e3e56768498 and anticipated to be part of version 1.5.0...

5.4CVSS4.6AI score0.00475EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2023/04/15 3:30 p.m.21 views

alextselegidis/easyappointments Session Fixation vulnerability

alextselegidis/easyappointments is vulnerable to session fixation. The application does not generate a new easession cookie after the user authenticates. A malicious user may create a new session cookie value and inject it to a victim. After the victim logs in, the injected cookie becomes valid,...

8.8CVSS8.2AI score0.00668EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/15 3:30 p.m.28 views

alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting

alextselegidis/easyappointments is vulnerable to stored cross-site scripting in versions 1.4.3 and prior. A patch is available at commit 46a865300e94c7031cc0e315d95d3e3e56768498 and anticipated to be part of version 1.5.0...

5.4CVSS5.1AI score0.00475EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2023/04/15 2:15 p.m.23 views

CVE-2023-2104

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

5.4CVSS5.4AI score0.00447EPSS
Exploits1References2
NVD
NVD
added 2023/04/15 2:15 p.m.25 views

CVE-2023-2105

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

8.8CVSS6.3AI score0.00668EPSS
Exploits1References2
NVD
NVD
added 2023/04/15 2:15 p.m.20 views

CVE-2023-2103

Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

5.4CVSS4.6AI score0.00475EPSS
Exploits1References2
Prion
Prion
added 2023/04/15 2:15 p.m.15 views

Improper access control

Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

5.5CVSS5.5AI score0.00447EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/04/15 2:15 p.m.19 views

Session fixation

Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

5.8CVSS8.7AI score0.00668EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2023/04/15 1:15 p.m.25 views

CVE-2023-2102

Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.8CVSS5.2AI score0.00503EPSS
Exploits1References2
Prion
Prion
added 2023/04/15 1:15 p.m.14 views

Cross site scripting

Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

4.3CVSS4.9AI score0.00503EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/15 12:0 a.m.10 views

CVE-2023-2103 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments

Cross-site Scripting XSS - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

4.3CVSS5.3AI score0.00475EPSS
Exploits1References2
Rows per page
Query Builder