Easyappointments
cpe:2.3:a:alextselegidis:easyappointments:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Alextselegidis (d21aaa92-af47-5651-b0cc-18723175ff67) |
|---|---|
| Product | Easyappointments (fd172e79-0034-52a7-b5ab-f4dc31683e22) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:composer/alextselegidis/easyappointments | purl2cpe | 2026-06-01 10:12:41.643801 |
| pkg:github/alextselegidis/easyappointments | purl2cpe | 2026-06-01 10:12:41.643803 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-23622 | vulnerable | 2026-06-08 07:51:15.682196 | CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover<br>Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover.<br>Published: 2026-01-15T19:28:58.369Z<br>Updated: 2026-01-15T21:34:43.098Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3568 | vulnerable | 2026-06-08 06:09:39.865242 | Open Redirect in alextselegidis/easyappointments<br>MEDIUM (6.3)<br>Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.<br>Published: 2023-07-10T07:28:46.277Z<br>Updated: 2024-11-07T15:11:16.277Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3290 | vulnerable | 2026-06-08 06:09:39.077486 | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0<br>MEDIUM (5)<br>A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged user (customer) in the system. This results in unauthorized data manipulation.<br>Published: 2024-07-09T10:23:21.207Z<br>Updated: 2024-08-02T06:48:08.412Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-3285 | vulnerable | 2026-06-08 06:09:39.073458 | A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0<br>HIGH (7.7)<br>A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.<br>Published: 2024-07-09T09:37:24.189Z<br>Updated: 2024-08-02T06:48:08.473Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-38054 | vulnerable | 2026-06-08 06:08:16.824525 | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0<br>CRITICAL (9.9)<br>A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to fetch, modify or delete a low privileged user (customer). This results in unauthorized access and unauthorized data manipulation.<br>Published: 2024-07-09T10:29:10.033Z<br>Updated: 2024-08-02T17:30:13.356Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-38049 | vulnerable | 2026-06-08 06:08:16.820691 | db.gcve.eu details were skipped to keep the page responsive. | Imported from gcve-enriched-dumps CVE data |