Shodan
Vulnerabilities
Vulnerable Software
Easyappointments:  Security Vulnerabilities
CVE-2023-3290
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.
CVSS Score
5.0
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38050
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to fetch, modify or delete a webhook of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.1
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38051
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user to fetch, modify or delete a low privileged user (secretary). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38052
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch, modify or delete a high privileged user (admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38053
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to fetch, modify or delete the settings of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38054
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38047
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
8.5
EPSS Score
0.001
Published
2024-07-09
CVE-2023-38048
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-38049
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged user to fetch, modify or delete an appointment of any user (including admin). This results in unauthorized access and unauthorized data manipulation.
CVSS Score
9.9
EPSS Score
0.002
Published
2024-07-09
CVE-2023-32295
Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3.
CVSS Score
6.3
EPSS Score
0.002
Published
2024-04-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved