Vulnerabilities (CVE)

Filtered by vendor Easyappointments Subscribe
Filtered by product Easyappointments
Total 23 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-3700 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 6.3 MEDIUM
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-3290 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 5.0 MEDIUM
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.
CVE-2023-3289 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 7.7 HIGH
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation.
CVE-2023-3288 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 8.5 HIGH
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.
CVE-2023-3287 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.
CVE-2023-3286 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 7.7 HIGH
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation.
CVE-2023-38055 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.6 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to fetch, modify or delete the services of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38054 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38053 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38052 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38051 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38050 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.1 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38049 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38048 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 9.9 CRITICAL
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-38047 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 8.5 HIGH
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVE-2023-2105 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 8.8 HIGH
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2104 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 5.4 MEDIUM
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2103 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-2102 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 4.8 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVE-2023-1367 1 Easyappointments 1 Easyappointments 2024-11-21 N/A 3.8 LOW
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.