Lucene search
K
EasyappointmentsEasyappointments

25 matches found

CVE
CVE
added 2022/05/10 10:5 a.m.2433 views

CVE-2022-1397

CVE-2022-1397 affects Easy!Appointments (GitHub: alextselegidis/easyappointments). The vulnerability is an API privilege escalation arising from inadequate authorization checks: the API validates existence of a user but not their permissions, allowing a low-privileged user (e.g., provider) to cre...

9CVSS8.7AI score0.01115EPSS
CVE
CVE
added 2022/03/09 10:20 a.m.2351 views

CVE-2022-0482

Easy!Appointments before 1.4.3 is affected by a Broken Access Control vulnerability that allows an unauthorized user to retrieve sensitive appointment data via a public-facing API endpoint (examples reference /index.php/backend_api/ajax_get_calendar_events) due to missing authentication/permissio...

9.1CVSS9.1AI score0.38133EPSS
In wildWeb
CVE
CVE
added 2023/04/15 12:0 a.m.268 views

CVE-2023-2105

CVE-2023-2105 concerns the Easy!Appointments project by alextselegidis. The issue is a session fixation vulnerability where the application does not generate a new ea_session cookie after user authentication, allowing a malicious actor to inject a session cookie and gain access after login. The f...

8.8CVSS6.9AI score0.00668EPSS
CVE
CVE
added 2024/07/09 10:24 a.m.81 views

CVE-2023-3289

CVE-2023-3289 affects Easy!Appointments (versions prior to 1.5.0). A BOLA in POST /services allows a low-privileged user to create a service for any user (including admin), leading to unauthorized data manipulation. The connected documents provide explicit description of the affected endpoint and...

7.7CVSS6.5AI score0.00327EPSS
CVE
CVE
added 2025/02/12 12:0 a.m.80 views

CVE-2024-57602

CVE-2024-57602 concerns EasyAppointments v1.5.0. Multiple connected sources confirm a vulnerability in the application where a missing permission validation in the file index.php enables a remote attacker to escalate privileges. The issue is described as unauthenticated, network-based, with HIGH ...

9.8CVSS7.2AI score0.00801EPSS
CVE
CVE
added 2025/02/12 12:0 a.m.79 views

CVE-2024-57601

Consolidated details show a data-venue XSS vulnerability in Alex Tselegidis EasyAppointments v1.5.0, exploitable via the unfiltered legal_settings parameter. The CVE-2024-57601 entry is supported by multiple connected sources (Red Hat, OSV, OSV.dev, GHSA, Snyk, CNNVD, CIRCL) that consistently des...

6.1CVSS7.4AI score0.00507EPSS
CVE
CVE
added 2023/03/08 12:0 a.m.74 views

CVE-2023-1269

CVE-2023-1269 affects Easy!Appointments (GitHub repo alextselegidis/easyappointments) prior to version 1.5.0. The root cause is hard-coded credentials in the repository. Impact described in sources centers on credential exposure; exploitation details are not provided in the documents. A fix is av...

9.8CVSS8AI score0.00743EPSS
CVE
CVE
added 2024/07/09 10:30 a.m.67 views

CVE-2023-3288

CVE-2023-3288 affects Easy!Appointments, where a BOLA flaw on POST /providers allows a low-privileged user to create a privileged provider, enabling privilege escalation. Multiple connected sources (including CVELIST entry Easy!Appointments

8.8CVSS8.4AI score0.00349EPSS
CVE
CVE
added 2024/07/09 10:20 a.m.61 views

CVE-2023-3286

CVE-2023-3286 affects Easy!Appointments prior to version 1.5.0. The vulnerability is described as a BOLA issue on POST /secretaries that allows a low-privileged user to create another low-privileged secretary account, enabling unauthorized data manipulation. The connected sources consistently fra...

7.7CVSS6.4AI score0.00327EPSS
CVE
CVE
added 2024/07/09 10:25 a.m.60 views

CVE-2023-38048

CVE-2023-38048 affects Easy!Appointments (older releases) via a BOLA vulnerability in GET, PUT, DELETE /providers/{providerId}, enabling a low-privileged user to fetch, modify, or delete a privileged provider account. The vulnerability is described consistently across sources as an insecure autho...

9.9CVSS8.5AI score0.004EPSS
Web
CVE
CVE
added 2023/04/15 12:0 a.m.59 views

CVE-2023-2104

CVE-2023-2104 affects the easyappointments project (extending across multiple feeds). The vulnerability is described as Improper Access Control in the GitHub repository alextselegidis/easyappointments prior to version 1.5.0. Multiple connected sources confirm that versions 1.4.3 and earlier allow...

5.4CVSS5.4AI score0.00447EPSS
CVE
CVE
added 2024/07/09 10:17 a.m.59 views

CVE-2023-3287

Vulnerability details (CVE-2023-3287): Easy!Appointments

9.9CVSS8.8AI score0.00435EPSS
CVE
CVE
added 2024/07/09 10:26 a.m.57 views

CVE-2023-38050

Easy!Appointments is affected by a BOLA vulnerability in the GET, PUT, DELETE /webhooks/{webhookId} endpoints, enabling a low-privileged user to fetch, modify, or delete any user’s webhook (including admin). Root cause: insufficient access control. Impact: unauthorized access and data manipulatio...

9.1CVSS8.3AI score0.00355EPSS
Web
CVE
CVE
added 2024/07/09 10:29 a.m.56 views

CVE-2023-38055

The CVE CVE-2023-38055 affects Easy!Appointments (vulnerable in versions before 1.5.0) via the GET, PUT, and DELETE /services/{serviceId} endpoint. The root cause is an insufficient access-control check in this interface, enabling a low-privileged user to fetch, modify, or delete services for any...

9.6CVSS8.4AI score0.0039EPSS
Web
CVE
CVE
added 2024/07/09 10:26 a.m.54 views

CVE-2023-38049

CVE-2023-38049 (Easy!Appointments) : The connected sources confirm a BOLA vulnerability in GET, PUT, and DELETE /appointments/{appointmentId} affecting Easy!Appointments versions

9.9CVSS8.5AI score0.00415EPSS
Web
CVE
CVE
added 2023/03/13 12:0 a.m.52 views

CVE-2023-1367

CVE-2023-1367 — Code Injection in easyappointments (GitHub: alextselegidis/easyappointments) Concrete details in connected documents confirm a vulnerability in Easy!Appointments versions prior to 1.5.0 caused by unescaped output, enabling code injection. Public sources note an HTML injection vect...

6CVSS4.6AI score0.00431EPSS
CVE
CVE
added 2023/04/15 12:0 a.m.52 views

CVE-2023-2102

CVE-2023-2102 is a stored XSS vulnerability in the GitHub repository alextselegidis/easyappointments, affecting versions prior to 1.5.0. Multiple sources (OSV, GHSA, NVD, CVE list, CNNVD, PT-PTSecurity) corroborate that the issue is a stored XSS vulnerability in Easy!Appointments before 1.5.0, wi...

6.8CVSS5AI score0.00503EPSS
CVE
CVE
added 2023/04/15 12:0 a.m.52 views

CVE-2023-2103

The CVE-2023-2103 entry concerns a stored Cross-site Scripting (XSS) vulnerability in the GitHub repository for alextselegidis/easyappointments , present in versions prior to 1.5.0 . Multiple connected sources describe the issue as a stored XSS triggered by user input, with a patch available at a...

5.4CVSS4.7AI score0.00475EPSS
CVE
CVE
added 2024/07/09 10:27 a.m.51 views

CVE-2023-38052

CVE-2023-38052 describes a BOLA vulnerability in the EasyAppointments API where GET, PUT, DELETE /admins/{adminId} endpoints permit a low-privileged user to fetch, modify, or delete a high-privileged admin, leading to unauthorized access and data manipulation. Multiple sources associate this with...

9.9CVSS8.3AI score0.004EPSS
Web
CVE
CVE
added 2024/07/09 10:23 a.m.50 views

CVE-2023-3290

Consolidated from connected records, CVE-2023-3290 applies to EasyAppointments, specifically the vulnerability in POST /customers. The root cause is an insecure authorization check that lets a low-privileged user create another low-privileged customer, enabling unauthorized data manipulation. Rel...

5CVSS4.8AI score0.00295EPSS
CVE
CVE
added 2024/07/09 10:27 a.m.49 views

CVE-2023-38051

CVE-2023-38051 affects Easy!Appointments prior to 1.5.0. The vulnerability is a BOLA (authorization) issue in GET, PUT, DELETE /secretaries/{secretaryId}, allowing a low-privileged attacker to fetch, modify, or delete a secretary’s data. Impact described across multiple sources: unauthorized acce...

9.9CVSS8.5AI score0.004EPSS
Web
CVE
CVE
added 2024/07/09 10:28 a.m.49 views

CVE-2023-38053

CVE-2023-38053 describes a BOLA vulnerability in EasyAppointments (GET, PUT, DELETE /settings/{settingName}) where a low-privileged user can fetch, modify, or delete the settings of any user (including admins) due to insufficient access control. Impact documented as unauthorized access and unauth...

9.9CVSS8.5AI score0.004EPSS
Web
CVE
CVE
added 2024/07/09 10:25 a.m.48 views

CVE-2023-38047

CVE-2023-38047 affects Easy!Appointments prior to 1.5.0. The issue is an authorization flaw in GET, PUT, and DELETE on /categories/{categoryId} that lets a low-privileged user fetch, modify, or delete category data for any user (including admins), causing unauthorized access and data manipulation...

8.5CVSS7.8AI score0.00373EPSS
Web
CVE
CVE
added 2024/07/09 10:29 a.m.48 views

CVE-2023-38054

CVE-2023-38054 affects Easy!Appointments; a BOLA flaw in GET/PUT/DELETE /customers/{customerId} lets a low-privilege user fetch/modify/delete other low-privilege customers. Root cause: insufficient access checks. Impact: unauthorized data access and manipulation. Affected: Easy!Appointments versi...

9.9CVSS8.5AI score0.004EPSS
Web
CVE
CVE
added 2023/07/17 6:16 a.m.41 views

CVE-2023-3700

CVE-2023-3700 affects Easy!Appointments prior to 1.5.0 (GitHub: alextselegidis/easyappointments). The root cause is improper access control enabling authorization bypass via a user-controlled key, allowing access to restricted functions. The issue is addressed by upgrading to version 1.5.0 or lat...

6.3CVSS5.3AI score0.00374EPSS