
CVE-2023-38054 – A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38054
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low-privileged user to fetch, modify or delete another low-privileged user (customer). This results in unauthorized access and unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-38049 – A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-38049
09 Jul 2024 — A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low-privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-3290 – A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-3290
09 Jul 2024 — A BOLA vulnerability in POST /customers allows a low-privileged user to create a low-privileged user (customer) in the system. This results in unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key

CVE-2023-3285 – A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0
https://notcve.org/view.php?id=CVE-2023-3285
09 Jul 2024 — A BOLA vulnerability in POST /appointments allows a low-privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation. • https://github.com/alextselegidis/easyappointments • CWE-639: Authorization Bypass Through User-Controlled Key
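The four BOLA entries above (CVE-2023-38049, CVE-2023-38054, CVE-2023-3285, CVE-2023-3290) share one root cause: the API authenticates the caller and then acts on a client-supplied key (the {appointmentId} or {customerId} path parameter, or the provider/customer ids in a POST body) without checking that the caller is allowed to touch that object. What follows is an added example, not code from EasyAppointments or from the advisories: an in-memory Python model of an /appointments endpoint in its vulnerable and hardened shapes, plus the probe a tester would run to confirm the bug. The role names, the ownership rule (a customer may only see or book their own appointments, a provider only those in their own calendar, an admin anything), and the sample records are assumptions of the model.

```python
"""Added example of the BOLA / CWE-639 pattern; not EasyAppointments code."""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List

# Roles are an assumption of this model, not EasyAppointments' real permission matrix.
ADMIN, PROVIDER, CUSTOMER = "admin", "provider", "customer"


@dataclass(frozen=True)
class User:
    id: int
    role: str


@dataclass
class Appointment:
    id: int
    provider_id: int
    customer_id: int
    notes: str = ""


class Forbidden(Exception):
    """Authenticated caller is not allowed to act on this object."""


class NotFound(Exception):
    """No object with that key."""


class AppointmentsApi:
    """In-memory stand-in for POST /appointments and GET/PUT/DELETE /appointments/{id}."""

    def __init__(self, seed: Iterable[Appointment]) -> None:
        self._store: Dict[int, Appointment] = {a.id: a for a in seed}
        self._next_id = max(self._store, default=0) + 1

    def _lookup(self, appointment_id: int) -> Appointment:
        try:
            return self._store[appointment_id]
        except KeyError:
            raise NotFound(appointment_id) from None

    def _insert(self, provider_id: int, customer_id: int) -> Appointment:
        appt = Appointment(self._next_id, provider_id, customer_id)
        self._store[appt.id] = appt
        self._next_id += 1
        return appt

    # Vulnerable shape (CWE-639): the caller is authenticated, but the key taken from
    # the URL or body is used as-is, so any logged-in user reaches any record.
    def get_vulnerable(self, caller: User, appointment_id: int) -> Appointment:
        return self._lookup(appointment_id)

    def create_vulnerable(self, caller: User, provider_id: int, customer_id: int) -> Appointment:
        return self._insert(provider_id, customer_id)

    # Hardened shape: object-level authorization on every access to an existing record,
    # plus a binding check on the ids a caller supplies when creating one.
    def _owns(self, caller: User, appt: Appointment) -> bool:
        if caller.role == ADMIN:
            return True
        if caller.role == PROVIDER:
            return appt.provider_id == caller.id
        return appt.customer_id == caller.id

    def _authorized(self, caller: User, appointment_id: int) -> Appointment:
        appt = self._lookup(appointment_id)
        if not self._owns(caller, appt):
            raise Forbidden(f"user {caller.id} may not access appointment {appointment_id}")
        return appt

    def get(self, caller: User, appointment_id: int) -> Appointment:
        return self._authorized(caller, appointment_id)

    def update(self, caller: User, appointment_id: int, notes: str) -> Appointment:
        appt = self._authorized(caller, appointment_id)
        appt.notes = notes
        return appt

    def delete(self, caller: User, appointment_id: int) -> None:
        self._authorized(caller, appointment_id)
        del self._store[appointment_id]

    def create(self, caller: User, provider_id: int, customer_id: int) -> Appointment:
        if caller.role == CUSTOMER and customer_id != caller.id:
            raise Forbidden("customers may only book for themselves")
        if caller.role == PROVIDER and provider_id != caller.id:
            raise Forbidden("providers may only book into their own calendar")
        return self._insert(provider_id, customer_id)


def probe_bola(fetch: Callable[[User, int], Appointment], caller: User,
               candidate_ids: Iterable[int]) -> List[int]:
    """Tester's check: walk a range of ids as a low-privileged caller and report which
    ones come back. Any returned id the caller does not own is a BOLA finding."""
    exposed: List[int] = []
    for i in candidate_ids:
        try:
            fetch(caller, i)
            exposed.append(i)
        except (Forbidden, NotFound):
            pass
    return exposed


def denied(action: Callable[[], object]) -> bool:
    """True if the action is refused with Forbidden."""
    try:
        action()
    except Forbidden:
        return True
    return False


def build_api() -> AppointmentsApi:
    """Fresh store with constructed sample records (not real data)."""
    return AppointmentsApi([
        Appointment(1, provider_id=10, customer_id=100),
        Appointment(2, provider_id=10, customer_id=101),
        Appointment(3, provider_id=11, customer_id=100),
    ])


ADMIN_USER, PROVIDER_10, CUSTOMER_100 = User(1, ADMIN), User(10, PROVIDER), User(100, CUSTOMER)

if __name__ == "__main__":
    api = build_api()
    print("vulnerable:", probe_bola(api.get_vulnerable, CUSTOMER_100, range(1, 6)))  # [1, 2, 3]
    print("hardened:  ", probe_bola(api.get, CUSTOMER_100, range(1, 6)))             # [1, 3]
```

Two design points carry over to a real service. The ownership check lives in one helper (`_authorized`) that every read, update and delete handler must go through, so a new handler cannot forget it; and creation validates the ids in the request body against the caller rather than trusting them, which is the POST-side half of the same bug. Whether an unauthorized id should answer 403 or 404 is a separate choice: answering 404 for both missing and unowned records stops a probe like `probe_bola` from confirming which ids exist, at the cost of less precise client errors.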

CVE-2024-0698 – Easy!Appointments <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-0698
04 Mar 2024 — The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')