Vulnerabilities > Easyappointments > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2023-3286 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system.
network
low complexity
easyappointments CWE-639
6.5
6.5
2024-07-09 CVE-2023-3289 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin).
network
low complexity
easyappointments CWE-639
6.5
6.5
2024-07-09 CVE-2023-3290 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system.
network
low complexity
easyappointments CWE-639
5.0
5.0
2023-07-17 CVE-2023-3700 Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-639
4.3
4.3
2023-04-15 CVE-2023-2103 Cross-site Scripting vulnerability in Easyappointments
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-79
5.4
5.4
2023-04-15 CVE-2023-2104 Improper Access Control vulnerability in Easyappointments
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-284
5.4
5.4
2023-04-15 CVE-2023-2102 Cross-site Scripting vulnerability in Easyappointments
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
network
low complexity
easyappointments CWE-79
4.8
4.8
2022-03-09 CVE-2022-0482 Privacy Violation vulnerability in Easyappointments
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
network
low complexity
easyappointments CWE-359
6.4
6.4
2020-03-16 CVE-2018-13063 Missing Authorization vulnerability in Easyappointments Easy!Appointments
Easy!Appointments 1.3.0 has a Missing Authorization issue allowing retrieval of hashed passwords and salts.
network
low complexity
easyappointments CWE-862
5.0
5.0
2020-03-16 CVE-2018-13060 Improper Authentication vulnerability in Easyappointments Easy!Appointments
Easy!Appointments 1.3.0 has a Guessable CAPTCHA issue.
network
low complexity
easyappointments CWE-287
5.0
5.0