518 matches found
Type confusion
OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion."...
CVE-2023-24599
CVE-2023-24599 affects Open-Xchange OX App Suite prior to backend 7.10.6-rev37, where an authenticated user can change the appointments of arbitrary users due to conflicting ID numbers (ID confusion). The issue is tied to the appointment modification flow and allows privilege abuse within the pro...
CVE-2022-46816
Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin = 1.1.4 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro Appointments Booking Calendar Plugin plugin = 1.1.4 versions...
CVE-2022-46816
CVE-2022-46816 affects WordPress Booking Ultra Pro Appointments Booking Calendar Plugin versions
WordPress plugin Booking Ultra Pro Appointments Booking Calendar cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-15059 · Unknown · Booking Ultra Pro Appointments Booking Calendar Plugin
Name of the Vulnerable Software and Affected Versions: Booking Ultra Pro Appointments Booking Calendar Plugin versions = 1.1.4. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing...
Improper Access Control
alextselegidis/easyappointments is vulnerable to Improper Access Control. The vulnerability exists due to the lack of validation of appointments in Calendar.php, which allows an attacker to gain access to other users' appointments...
WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Easy Appointments; Type: Plugin; Vulnerable versions: <= 3.11.9; Fixed in: 3.11.10; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2022-36424; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7ad0fdcdf557; Credits: István Márton...
Easy Appointments < 3.11.10 - Cross-Site Request Forgery
The plugin does not properly validate requests using nonces, leading to potential Cross-Site Request Forgery (CSRF) vulnerabilities...
Easy!Appointments cross-site scripting vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A cross-site scripting vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to execute arbitrary JavaScript in the context of the attacked website and the attacked user...
Easy!Appointments access control error vulnerability
Easy!Appointments is a web-based appointment and schedule management system. An access control error vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to view and edit appointments from other providers...
Easy!Appointments authorization issue vulnerability
Easy!Appointments is a web-based appointment and schedule management system. An authorization vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to gain higher-level privileges or the ability to view sensitive data...
Easy!Appointments cross-site scripting vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A cross-site scripting vulnerability exists in versions prior to Easy!Appointments 1.5.0, which can be exploited by an attacker to perform JavaScript injection, cookie theft, install JavaScript malware and keyloggers, an...
WordPress Easy Appointments Plugin <= 3.10.7 is vulnerable to Cross Site Scripting (XSS)
Software: Easy Appointments; Type: Plugin; Vulnerable versions: <= 3.10.7; Fixed in: 3.11.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-30748; Patch priority: Low; CVSS severity: Low (5.9); PSID: 10936713e96a; Credits: István Márton...
Stored XSS
Description: Stored XSS attack is possible. Proof of Concept: Step 1: Go to the login URL https://demo.easyappointments.org/index.php/user/login and log in as an admin. Step 2: Click on the Users tab and then click on the Add button to create a new user with the following credentials. Credentials: First Nam...
PT-2023-10278 · Unknown · Cp Appointment Calendar Plugin
Name of the Vulnerable Software and Affected Versions: CP Appointment Calendar Plugin version 1.1.5 and earlier Description: A critical vulnerability has been found in the CP Appointment Calendar Plugin. This issue affects the dex process ready to go appointment function of the dex appointments.p...
Easy!Appointments code injection vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A code injection vulnerability exists in versions prior to Easy!Appointments 1.5.0, which originates from an HTML injection on the /index.php/backend/settings page...
Easy!Appointments uses hard-coded credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments 1.4.3 and prior. A patch is available and anticipated to be part of version 1.5.0...