Vulnerabilities > Easyappointments > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2023-3286 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. | 6.5 |
| 2024-07-09 | CVE-2023-3289 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). | 6.5 |
| 2024-07-09 | CVE-2023-3290 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. | 5.0 |
| 2023-07-17 | CVE-2023-3700 | Unspecified vulnerability in Easyappointments Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.3 |
| 2023-04-15 | CVE-2023-2103 | Unspecified vulnerability in Easyappointments Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 |
| 2023-04-15 | CVE-2023-2104 | Unspecified vulnerability in Easyappointments Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 5.4 |
| 2023-04-15 | CVE-2023-2102 | Unspecified vulnerability in Easyappointments Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.8 |
| 2020-03-16 | CVE-2018-13060 | Improper Authentication vulnerability in Easyappointments Easy!Appointments Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue. | 6.5 |
| 2019-09-11 | CVE-2019-14936 | Unspecified vulnerability in Easyappointments Easy!Appointments 1.3.2 Easy!Appointments 1.3.2 plugin for WordPress allows Sensitive Information Disclosure (Username and Password Hash). | 5.3 |