Lucene search
K

167 matches found

Vulnrichment
Vulnrichment
added 2024/07/09 10:20 a.m.15 views

CVE-2023-3286 A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user secretary in the system. This results in unauthorized data manipulation...

7.7CVSS6.5AI score0.00327EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 10:20 a.m.18 views

CVE-2023-3286 A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user secretary in the system. This results in unauthorized data manipulation...

7.7CVSS0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 10:17 a.m.21 views

CVE-2023-3287 A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user admin in the system. This results in privilege escalation...

9.9CVSS6.6AI score0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 10:17 a.m.32 views

CVE-2023-3287 A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user admin in the system. This results in privilege escalation...

9.9CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/09 9:37 a.m.12 views

CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...

7.7CVSS6.5AI score0.00338EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/09 9:37 a.m.27 views

CVE-2023-3285 A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system including admin. This results in unauthorized data manipulation...

7.7CVSS0.00338EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.5 views

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /customers interface. A low-privilege attacker can exploit the vulnerability to create low-privilege users...

5CVSS6.8AI score0.00295EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.5 views

PT-2024-12370 · Easyappointments +2 · Alextselegidis/Easyappointments +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A BOLA vulnerability in the "POST /customers" endpoint allows a low-privileged user to create a new low-privileged user customer in the system, resultin...

5CVSS6.8AI score0.00295EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/03/05 12:0 a.m.7 views

PT-2024-15759 · WordPress · Easyappointments

Name of the Vulnerable Software and Affected Versions: Easy!Appointments plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's shortcodes due to insufficient input sanitization and output escaping on user suppli...

6.4CVSS7.9AI score0.00408EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/05 12:0 a.m.7 views

WordPress Plugin Easy!Appointments Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.4CVSS5.9AI score0.00408EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/11/17 12:0 a.m.8 views

VulnCheck KEV: CVE-2022-0482

Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...

9.1CVSS7.3AI score0.38133EPSS
Exploits7References1
NVD
NVD
added 2023/07/17 7:15 a.m.23 views

CVE-2023-3700

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS0.00374EPSS
Exploits1References2
Prion
Prion
added 2023/07/17 7:15 a.m.10 views

Authorization

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

4CVSS4.5AI score0.00374EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/17 6:16 a.m.12 views

CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS6.8AI score0.00374EPSS
Exploits1References2
CVE
CVE
added 2023/07/17 6:16 a.m.41 views

CVE-2023-3700

CVE-2023-3700 affects Easy!Appointments prior to 1.5.0 (GitHub: alextselegidis/easyappointments). The root cause is improper access control enabling authorization bypass via a user-controlled key, allowing access to restricted functions. The issue is addressed by upgrading to version 1.5.0 or lat...

6.3CVSS5.3AI score0.00374EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/07/17 6:16 a.m.18 views

CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS4.7AI score0.00374EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/07/17 12:0 a.m.1 views

PT-2023-3709 · Unknown · Easyappointments

Name of the Vulnerable Software and Affected Versions: easyappointments versions prior to 1.5.0 Description: The issue is related to improper access control in the easyappointments application, which can allow a remote attacker to gain unauthorized access to restricted functions. This is due to a...

6.5CVSS4.8AI score0.00374EPSS
Exploits1References11
NVD
NVD
added 2023/07/10 4:15 p.m.25 views

CVE-2023-3568

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS6.3AI score0.00434EPSS
Exploits0References2
Prion
Prion
added 2023/07/10 4:15 p.m.17 views

Open redirect

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

4.3CVSS5.1AI score0.00434EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/10 7:28 a.m.20 views

CVE-2023-3568 Open Redirect in alextselegidis/easyappointments

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...

6.3CVSS5.1AI score0.00434EPSS
Exploits0References4
Rows per page
Query Builder