167 matches found
CVE-2023-3286 A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user secretary in the system. This results in unauthorized data manipulation...
CVE-2023-3286 A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user secretary in the system. This results in unauthorized data manipulation...
CVE-2023-3287 A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user admin in the system. This results in privilege escalation...
CVE-2023-3287 A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user admin in the system. This results in privilege escalation...
CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...
CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /customers interface. A low-privilege attacker can exploit the vulnerability to create low-privilege users...
PT-2024-12370 · Easyappointments +2 · Alextselegidis/Easyappointments +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A BOLA vulnerability in the "POST /customers" endpoint allows a low-privileged user to create a new low-privileged user customer in the system, resultin...
PT-2024-15759 · WordPress · Easyappointments
Name of the Vulnerable Software and Affected Versions: Easy!Appointments plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user suppli...
WordPress Plugin Easy!Appointments Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
VulnCheck KEV: CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...
CVE-2023-3700
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Authorization
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3700
CVE-2023-3700 affects Easy!Appointments prior to 1.5.0 (GitHub: alextselegidis/easyappointments). The root cause is improper access control enabling authorization bypass via a user-controlled key, allowing access to restricted functions. The issue is addressed by upgrading to version 1.5.0 or lat...
CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
PT-2023-3709 · Unknown · Easyappointments
Name of the Vulnerable Software and Affected Versions: easyappointments versions prior to 1.5.0 Description: The issue is related to improper access control in the easyappointments application, which can allow a remote attacker to gain unauthorized access to restricted functions. This is due to a...
CVE-2023-3568
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
Open redirect
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3568 Open Redirect in alextselegidis/easyappointments
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...