CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — A BOLA vulnerability in POST /services allows a low privileged user to create a service for any user in the system (including admin). This results in unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Jul 2024 — A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged user (secretary) in the system. This results in unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 9.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jul 2024 — A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Aug 2023 — Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments. This issue affects Easy!Appointments: from n/a through 1.3.3. • https://patchstack.com/database/vulnerability/easyappointments/wordpress-easy-appointments-plugin-1-3-1-arbitrary-file-deletion-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Jul 2023 — Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/bddc5cbeb7ff237a72943b304dcb01c653781767 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Apr 2023 — Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/46a865300e94c7031cc0e315d95d3e3e56768498 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Apr 2023 — Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/75b24735767868344193fb2cc56e17ee4b9ac4be • CWE-284: Improper Access Control

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Apr 2023 — Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840 • CWE-384: Session Fixation