Vulnerabilities > Easyappointments

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-07-09 | CVE-2023-3287 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments | A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. | network | low | easyappointments | CWE-639 | 8.8 |
| 2024-07-09 | CVE-2023-3288 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments | A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. | network | low | easyappointments | CWE-639 | 8.8 |
| 2024-07-09 | CVE-2023-3289 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments | A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). | network | low | easyappointments | CWE-639 | 6.5 |
| 2024-07-09 | CVE-2023-3290 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments | A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. | network | low | easyappointments | CWE-639 | 5.0 |
| 2023-07-17 | CVE-2023-3700 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments | Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-639 | 4.3 |
| 2023-04-15 | CVE-2023-2103 | Cross-site Scripting vulnerability in Easyappointments | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-79 | 5.4 |
| 2023-04-15 | CVE-2023-2104 | Improper Access Control vulnerability in Easyappointments | Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-284 | 5.4 |
| 2023-04-15 | CVE-2023-2105 | Session Fixation vulnerability in Easyappointments | Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-384 | 8.8 |
| 2023-04-15 | CVE-2023-2102 | Cross-site Scripting vulnerability in Easyappointments | Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-79 | 4.8 |
| 2023-03-13 | CVE-2023-1367 | Code Injection vulnerability in Easyappointments | Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | network | low | easyappointments | CWE-94 | 3.8 |