2 matches found
CVE-2026-52837
Summary: Easy!Appointments
CVE-2026-52837 Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...