alextselegidis/easyappointments
Packagist
10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting alextselegidis/easyappointments
- CVE-2022-0482 | CRITICAL | CVSS 9.1 | EG 9.1 | ✓ Fixed in 1.4.3 | 2022-03-09
vulnerable: 1.1.0 ... 1.4.3-beta.1 (22 versions)
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.
- CVE-2022-1397 | HIGH | CVSS 8.8 | EG 8.8 | 2022-05-10
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
- CVE-2023-1269 | CRITICAL | CVSS 9.8 | EG 9.8 | 2023-03-08
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-1367 | LOW | CVSS 3.8 | EG 3.8 | ✓ Fixed in 1.5.0 | 2023-03-13
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2102 | MEDIUM | CVSS 4.8 | EG 6.8 | 2023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2103 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2104 | MEDIUM | CVSS 5.4 | EG 5.4 | 2023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-2105 | HIGH | CVSS 8.8 | EG 5.4 | 2023-04-15
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2023-3700 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 1.5.0 | 2023-07-17
vulnerable: 1.1.0 ... 1.4.3-beta.1 (23 versions)
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
- CVE-2026-23622 | HIGH | CVSS 8.8 | EG 8.8 | 2026-01-15
vulnerable: 1.1.0 ... 1.5.2 (24 versions)
Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perf…