Filtered by vendor Easyappointments
Subscriptions
Filtered by product Easyappointments
Subscriptions
Total
25 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38049 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38048 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.9 Critical |
| A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2023-38047 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.5 High |
| A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation. | ||||
| CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 8.8 High |
| API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | ||||
| CVE-2022-0482 | 1 Easyappointments | 1 Easyappointments | 2024-11-21 | 9.1 Critical |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3. | ||||