Lucene search
K

167 matches found

CVE
CVE
added 2025/02/12 12:0 a.m.79 views

CVE-2024-57601

Consolidated details show a data-venue XSS vulnerability in Alex Tselegidis EasyAppointments v1.5.0, exploitable via the unfiltered legal_settings parameter. The CVE-2024-57601 entry is supported by multiple connected sources (Red Hat, OSV, OSV.dev, GHSA, Snyk, CNNVD, CIRCL) that consistently des...

6.1CVSS7.4AI score0.00507EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/02/12 12:0 a.m.6 views

CVE-2024-57602

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file...

9.8CVSS9.4AI score0.00801EPSS
Exploits1References3
CVE
CVE
added 2025/02/12 12:0 a.m.80 views

CVE-2024-57602

CVE-2024-57602 concerns EasyAppointments v1.5.0. Multiple connected sources confirm a vulnerability in the application where a missing permission validation in the file index.php enables a remote attacker to escalate privileges. The issue is described as unauthenticated, network-based, with HIGH ...

9.8CVSS7.2AI score0.00801EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/12 12:0 a.m.3 views

CVE-2024-57601

Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legalsettings parameter...

7.3AI score0.00507EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/02/12 12:0 a.m.16 views

CVE-2024-57602

An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file...

0.00801EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 10:56 p.m.10 views

CVE-2022-1397

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...

9CVSS6.7AI score0.01115EPSS
Exploits1References1
Veracode
Veracode
added 2024/07/24 5:50 a.m.11 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypasss. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /secretaries/secretaryId endpoints, allowing a low privileged user to fetch, modify, or delete a secretary's data...

9.9CVSS6.6AI score0.004EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/12 5:0 a.m.19 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the POST /admins endpoint, allowing low privileged users to create high privileged users admins, resulting in privilege escalation...

9.9CVSS6.5AI score0.00435EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/12 4:45 a.m.16 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the GET, PUT, DELETE /webhooks/webhookId endpoints, allowing low privileged users to fetch, modify, or delete webhooks of any user, resulting in unauthorized...

9.1CVSS6.6AI score0.00355EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/12 4:37 a.m.20 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the POST /customers endpoint, allowing low privileged users to create customer accounts, resulting in unauthorized data manipulation...

5CVSS6.5AI score0.00295EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/11 10:50 a.m.15 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the POST /secretaries endpoint, allowing low privileged users to create other low privileged users secretaries, resulting in unauthorized data manipulation...

7.7CVSS6.5AI score0.00327EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/11 10:40 a.m.11 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the GET, PUT, and DELETE endpoints for /customers/customerId, allowing low privileged users to fetch, modify, or delete other low privileged users customers...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/11 10:6 a.m.12 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to insufficient access control checks on the GET, PUT, and DELETE endpoints for /settings/settingName, allowing low privileged users to fetch, modify, or delete settings of any user, including admin...

9.9CVSS6.8AI score0.004EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/10 7:34 a.m.14 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the GET, PUT, and DELETE methods for the /categories/categoryId endpoint. This allows a low-privileged user to fetch, modify, or delete the category...

8.5CVSS6.3AI score0.00373EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/10 7:33 a.m.15 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable for Authorization Bypass. The vulnerability is due to insufficient access controls on the GET, PUT, and DELETE methods for /appointments/appointmentId, allowing a low-privileged user to fetch, modify, or delete any user's appointment, including those ...

9.9CVSS7AI score0.00415EPSS
Exploits0References2Affected Software1
Veracode
Veracode
added 2024/07/10 7:32 a.m.21 views

Authorization Bypass

alextselegidis/easyappointments is vulnerable to Authorization Bypass. The vulnerability is due to improper authorization checks in the POST /appointments endpoint, allowing a low-privileged user to create appointments for any user in the system, including administrators. Attackers can exploit th...

7.7CVSS6.7AI score0.00338EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/09 10:30 a.m.13 views

CVE-2023-3288 A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user provider in the system. This results in privilege escalation...

8.5CVSS6.7AI score0.00349EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 10:30 a.m.26 views

CVE-2023-3288 A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user provider in the system. This results in privilege escalation...

8.5CVSS0.00349EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 10:29 a.m.15 views

CVE-2023-38055 A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0

A BOLA vulnerability in GET, PUT, DELETE /services/serviceId allows a low privileged user to fetch, modify or delete the services of any user including admin. This results in unauthorized access and unauthorized data manipulation...

9.6CVSS6.6AI score0.0039EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 10:29 a.m.23 views

CVE-2023-38055 A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0

A BOLA vulnerability in GET, PUT, DELETE /services/serviceId allows a low privileged user to fetch, modify or delete the services of any user including admin. This results in unauthorized access and unauthorized data manipulation...

9.6CVSS0.0039EPSS
Exploits0References1
Rows per page
Query Builder