17 matches found
CVE-2023-2105
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3700 Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3568
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3568 Open Redirect in alextselegidis/easyappointments
Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-3568
CVE-2023-3568 is an Open Redirect affecting Easy!Appointments prior to version 1.5.0 (GitHub: alextselegidis/easyappointments). The vulnerability stems from an insecure redirect mechanism, enabling an attacker-controlled redirect path. Public assessments place the impact as a low to moderate seve...
CVE-2023-2104
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2105
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2102
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2102 Cross-site Scripting (XSS) - Stored in alextselegidis/easyappointments
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0...
CVE-2023-2103
The CVE-2023-2103 entry concerns a stored Cross-site Scripting (XSS) vulnerability in the GitHub repository for alextselegidis/easyappointments, present in versions prior to 1.5.0. Multiple connected sources describe the issue as a stored XSS triggered by user input, with a patch available at a...
CVE-2023-2102
CVE-2023-2102 is a stored XSS vulnerability in the GitHub repository alextselegidis/easyappointments, affecting versions prior to 1.5.0. Multiple sources (OSV, GHSA, NVD, CVE list, CNNVD, PT-PTSecurity) corroborate that the issue is a stored XSS vulnerability in Easy!Appointments before 1.5.0, wi...
CVE-2023-2104
CVE-2023-2104 affects the easyappointments project (extending across multiple feeds). The vulnerability is described as Improper Access Control in the GitHub repository alextselegidis/easyappointments prior to version 1.5.0. Multiple connected sources confirm that versions 1.4.3 and earlier allow...
CVE-2023-2105
CVE-2023-2105 concerns the Easy!Appointments project by alextselegidis. The issue is a session fixation vulnerability where the application does not generate a new ea_session cookie after user authentication, allowing a malicious actor to inject a session cookie and gain access after login. The f...
CVE-2023-1367
CVE-2023-1367: Code Injection in easyappointments (GitHub: alextselegidis/easyappointments). Concrete details in connected documents confirm a vulnerability in Easy!Appointments versions prior to 1.5.0 caused by unescaped output, enabling code injection. Public sources note an HTML injection vect...
CVE-2022-1397
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...
CVE-2022-1397
CVE-2022-1397 affects Easy!Appointments (GitHub: alextselegidis/easyappointments). The vulnerability is an API privilege escalation arising from inadequate authorization checks: the API validates existence of a user but not their permissions, allowing a low-privileged user (e.g., provider) to cre...
CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3...