repository icon
alextselegidis / easyappointments Project repository

:date: Easy!Appointments - Self Hosted Appointment Scheduler

Submit a report

FIRST INTERACTION

WITHIN141 DAYS

REVIEW

WITHIN141 DAYS

FIX

WITHIN65 DAYS

Unverified password change : old password can be used as new password
th3l0newolf
informative
Medium
Unverified Password Change
newb3ast
informative
Medium
IDOR change Personal Information in settings
meme-dm
duplicate
High
XSS & SQL Injection on "zip_code" parameter
xo19do
duplicate
High
Insufficient Session Expiration allows the old session to be valid after logging...
me0x2gg
informative
Medium
Stored HTML Injection on Service
si13ntr311ik
informative
Medium
SQL Injection
deepakkuma24
informative
High
Sensitive Information Disclosed likes hash, password etc
deepakkuma24
informative
Medium
Insecure direct object references (IDOR)
deepakkuma24
informative
High
IDOR can make attackers add or close others' unavaiable
lujiefsi
Medium
CVE-2023-3700
Privilege Escalation Lead to full control on the Organization
mohamedabdelhady933
informative
High
Authenticated user without any privileges can read and modify calendar appointme...
thelabda
informative
Medium
User Can edit Customers even after logout from the application
mohitkumar0786
informative
Medium
Improper Authorization lead an low privilege user can create appointment in Admi...
baobaovt
informative
Critical
Information Disclosure
duyhm1995
informative
None
Reflected XSS
m0ck3d
informative
Medium
Stored XSS in Personal Information Feature (First & Last Name)
raihansmart
informative
Medium
Moment 2.25.3 in use which is vulnerable to CVE-2022-31129
popcorn94
informative
Medium
No Protection Against Bruteforce attacks on Login Page
m0ck3d
self closed
Stored XSS
m0ck3d
self closed
Stored XSS
liteshghute
Medium
CVE-2023-2102
Multiple XSS in Create/Update Funtion Version 1.4.3 and 1.5.0-dev.2
tht1997
Medium
CVE-2023-2103
Html Injection to Open redirect
ghostbit11
High
Improper Access Control which allows one provider to view and edit others provid...
hacker1984
Medium
CVE-2023-2104
Session Fixation Vulnerability
hacker1984
Medium
CVE-2023-2105
Privilege Escalation Lead to full control on the Organization
mohamedabdelhady933
informative
High
Full Account TakeOver
mohamedabdelhady933
informative
High
Weak Password Policy
ctflearner
informative
High
Stored XSS When Adding Categories leads to Defacement
gonzxph
informative
Medium
Stored HTML Injection via Company Name
mike993
Medium
CVE-2023-1367
Stored HTML&Hyperlink injection via first and last name field
thewhiteevil
informative
Medium
Default account creation on all installation methods
pedrojosenavasperez
Medium
CVE-2023-1269
database credentials disclose in github repo source code
wickrine
not applicable
Composer installed.json publicly accessible
nilabhrajpoot
informative
High
UI REDRESSING
tharunavula
Critical
Administrative Account Takeover
galapag0s
duplicate
High
Account Takeover
gaurav-g2
Medium
Broken access control lead to information disclosure
gaurav-g2
informative
High
API Privilege Escalation
francescocarlucci
High
$15CVE-2022-1397
DoS due to unrestricted hashing
francescocarlucci
High
$15
Exposure of Private Personal Information to an Unauthorized Actor
francescocarlucci
Critical
$35CVE-2022-0482
Cross-site Scripting (XSS) - Stored
0x7zed
informative
High
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
0x7zed
not applicable
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
dmandefy
not applicable