Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
alextselegidis easyappointments

Version 0

SINGLE_NUMBER 5 CVEs

Known Vulnerabilities

CVE-2023-38054

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.

CRITICAL CVSS 9.9 Published Jul 09, 2024

CVE-2023-38049

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.

CRITICAL CVSS 9.9 Published Jul 09, 2024

CVE-2023-3290

A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.

MEDIUM CVSS 5.0 Published Jul 09, 2024

CVE-2023-3285

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.

HIGH CVSS 7.7 Published Jul 09, 2024

CVE-2023-3568

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

MEDIUM CVSS 6.3 Published Jul 10, 2023