📦 Easyappointments

by Easyappointments

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-57602

CRITICAL CVSS 9.8 Feb 12, 2025

A privilege escalation vulnerability in EasyAppointments v1.5.0 allows remote attackers to gain elevated privileges through the index.php file. This affects all installations running the vulnerable ve...

CVE-2023-3287

CRITICAL CVSS 9.9 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in the Easy!Appointments scheduling software. It allows low-privileged users to create administrator accounts, leading to pr...

CVE-2023-38050

CRITICAL CVSS 9.1 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in Easy!Appointments webhook endpoints that allows low-privileged authenticated users to access, modify, or delete any user'...

CVE-2023-38052

CRITICAL CVSS 9.9 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in Easy!Appointments that allows low-privileged users to access, modify, or delete administrator accounts by manipulating ad...

CVE-2023-38054

CRITICAL CVSS 9.9 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in Easy!Appointments where low-privileged users can access, modify, or delete other users' data by manipulating customer IDs...

CVE-2023-38048

CRITICAL CVSS 9.9 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in Easy!Appointments that allows low-privileged users to access, modify, or delete privileged provider accounts. Attackers c...

CVE-2023-1269

CRITICAL CVSS 9.8 Mar 8, 2023

CVE-2023-1269 involves hard-coded credentials in the easyappointments scheduling software, allowing attackers to gain unauthorized access to the application. This affects all installations using versi...

CVE-2022-0482

CRITICAL CVSS 9.1 Mar 9, 2022

This vulnerability in Easy Appointments allows unauthorized actors to access private personal information stored in the application. It affects all users of Easy Appointments versions prior to 1.4.3 w...

CVE-2023-3286

HIGH CVSS 7.7 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in the Easy!Appointments system where a low-privileged user can create additional low-privileged user accounts (secretaries)...

CVE-2023-3289

HIGH CVSS 7.7 Jul 9, 2024

This Broken Object Level Authorization (BOLA) vulnerability allows low-privileged users to create services for any user in the system, including administrators. This enables unauthorized data manipula...

CVE-2023-38047

HIGH CVSS 8.5 Jul 9, 2024

This CVE describes a Broken Object Level Authorization (BOLA) vulnerability in the Easy!Appointments scheduling software. It allows low-privileged users to access, modify, or delete any user's appoint...

CVE-2023-2105

HIGH CVSS 8.8 Apr 15, 2023

This session fixation vulnerability in easyappointments allows attackers to hijack user sessions by fixing session IDs before authentication. It affects all users of easyappointments versions prior to...

CVE-2024-57601

MEDIUM CVSS 6.1 Feb 12, 2025

A cross-site scripting (XSS) vulnerability in EasyAppointments v1.5.0 allows remote attackers to inject malicious scripts via the legal_settings parameter. This affects all users running the vulnerabl...