Shodan
Vulnerabilities
Vulnerable Software
Easyappointments:  >> Easyappointments  Security Vulnerabilities
CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38054
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38047
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38048
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38049
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.001
Published
2024-07-09
CVE-2023-3700
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2023-07-17
CVE-2023-2103
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-04-15
CVE-2023-2104
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-04-15
CVE-2023-2105
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
5.4
EPSS Score
0.004
Published
2023-04-15
CVE-2023-2102
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-04-15


Products
Pricing
Contact Us

Shodan ® - All rights reserved