CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2105 – Session Fixation in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-2105
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840 https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1 • CWE-384: Session Fixation •
CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1367 – Code Injection in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-1367
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4 https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-1269 – Use of Hard-coded Credentials in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2023-1269
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. • https://github.com/alextselegidis/easyappointments/commit/2731d2f17c5140c562426b857e9f5d63da5c4593 https://huntr.dev/bounties/91c31eb6-024d-4ad3-88fe-f15b03fd20f5 • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1397 – API Privilege Escalation in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2022-1397
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. Una Escalada de privilegios de la API en el repositorio de GitHub alextselegidis/easyappointments versiones anteriores a 1.5.0. Una toma de control total del sistema • https://github.com/alextselegidis/easyappointments/commit/63dbb51decfcc1631c398ecd6d30e3a337845526 https://huntr.dev/bounties/5f69e094-ab8c-47a3-b01d-8c12a3b14c61 • CWE-269: Improper Privilege Management •
CVSS: 9.1EPSS: 26%CPEs: 1EXPL: 4CVE-2022-0482 – Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
https://notcve.org/view.php?id=CVE-2022-0482
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. Una Exposición de Información Personal Privada a un Actor no Autorizado en el repositorio de GitHub alextselegidis/easyappointments versiones anteriores a 1.4.3 Easy!Appointments versions prior to 1.4.3 suffers from an unauthenticated PII disclosure vulnerability. • https://www.exploit-db.com/exploits/50871 https://github.com/Acceis/exploit-CVE-2022-0482 http://packetstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.html https://github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466 https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26 https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-863: Incorrect Authorization •