{"url":"http://public2.vulnerablecode.io/api/packages/543889?format=json","purl":"pkg:composer/alextselegidis/easyappointments@1.4.0-beta.1","type":"composer","namespace":"alextselegidis","name":"easyappointments","version":"1.4.0-beta.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66877?format=json","vulnerability_id":"VCID-2gjc-dgmr-rkcb","summary":"Easy!Appointments is a self hosted appointment scheduler. In 1.5.2 and earlier, application/core/EA_Security.php::csrf_verify() only enforces CSRF for POST requests and returns early for non-POST methods. Several application endpoints perform state-changing operations while accepting parameters from GET (or $_REQUEST), so an attacker can perform CSRF by forcing a victim's browser to issue a crafted GET request. Impact: creation of admin accounts, modification of admin email/password, and full admin account takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23622","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02637","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02632","published_at":"2026-06-11T12:55:00Z"},{"value":"8e-05","scoring_system":"epss","scoring_elements":"0.00825","published_at":"2026-06-14T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00878","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23622"},{"reference_url":"https://github.com/alextselegidis/easyappointments/blob/41c9b93a5a2c185a914f204412324d8980943fd5/application/core/EA_Security.php#L52","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/blob/41c9b93a5a2c185a914f204412324d8980943fd5/application/core/EA_Security.php#L52"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23622","reference_id":"CVE-2026-23622","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23622"},{"reference_url":"https://github.com/advisories/GHSA-54v4-4685-vwrj","reference_id":"GHSA-54v4-4685-vwrj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-54v4-4685-vwrj"},{"reference_url":"https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-54v4-4685-vwrj","reference_id":"GHSA-54v4-4685-vwrj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-01-15T21:34:33Z/"}],"url":"https://github.com/alextselegidis/easyappointments/security/advisories/GHSA-54v4-4685-vwrj"}],"fixed_packages":[],"aliases":["CVE-2026-23622","GHSA-54v4-4685-vwrj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gjc-dgmr-rkcb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118868?format=json","vulnerability_id":"VCID-3fvb-4hvv-43gu","summary":"alextselegidis Easy!Appointments v1.5.1 was discovered to contain a SQL injection vulnerability via the order_by parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50383","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23046","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23231","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23254","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23243","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-50383"},{"reference_url":"https://easyappointments.org","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://easyappointments.org"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/0f0d71cfe0692daed9aee59bc424ce2a084fd59e","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/commit/0f0d71cfe0692daed9aee59bc424ce2a084fd59e"},{"reference_url":"https://github.com/alextselegidis/easyappointments/releases/tag/1.5.2-beta.1","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/releases/tag/1.5.2-beta.1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50383","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-50383"},{"reference_url":"http://alextselegidis.com","reference_id":"alextselegidis.com","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T14:12:37Z/"}],"url":"http://alextselegidis.com"},{"reference_url":"https://github.com/Abdullah4eb/CVE-2025-50383","reference_id":"CVE-2025-50383","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T14:12:37Z/"}],"url":"https://github.com/Abdullah4eb/CVE-2025-50383"},{"reference_url":"https://easyappointments.org/","reference_id":"easyappointments.org","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-27T14:12:37Z/"}],"url":"https://easyappointments.org/"},{"reference_url":"https://github.com/advisories/GHSA-2f28-69j7-85hf","reference_id":"GHSA-2f28-69j7-85hf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2f28-69j7-85hf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377706?format=json","purl":"pkg:composer/alextselegidis/easyappointments@1.5.2-beta.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/alextselegidis/easyappointments@1.5.2-beta.1"}],"aliases":["CVE-2025-50383","GHSA-2f28-69j7-85hf"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fvb-4hvv-43gu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150637?format=json","vulnerability_id":"VCID-5hqt-e1hz-pkgs","summary":"Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2104","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.3632","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36514","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36525","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.365","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2104"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2104","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2104"},{"reference_url":"https://huntr.dev/bounties/3099b8d1-c49c-41b8-a929-73ccded6fc7c","reference_id":"3099b8d1-c49c-41b8-a929-73ccded6fc7c","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:38:37Z/"}],"url":"https://huntr.dev/bounties/3099b8d1-c49c-41b8-a929-73ccded6fc7c"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/75b24735767868344193fb2cc56e17ee4b9ac4be","reference_id":"75b24735767868344193fb2cc56e17ee4b9ac4be","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:38:37Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/75b24735767868344193fb2cc56e17ee4b9ac4be"},{"reference_url":"https://github.com/advisories/GHSA-fc4g-f42p-7rhp","reference_id":"GHSA-fc4g-f42p-7rhp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fc4g-f42p-7rhp"}],"fixed_packages":[],"aliases":["CVE-2023-2104","GHSA-fc4g-f42p-7rhp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hqt-e1hz-pkgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208382?format=json","vulnerability_id":"VCID-6khc-dn2x-vkbe","summary":"Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments","references":[{"reference_url":"http://packetstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.html","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/166701/Easy-Appointments-Information-Disclosure.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0482","reference_id":"","reference_type":"","scores":[{"value":"0.90789","scoring_system":"epss","scoring_elements":"0.99644","published_at":"2026-06-11T12:55:00Z"},{"value":"0.90789","scoring_system":"epss","scoring_elements":"0.99646","published_at":"2026-06-14T12:55:00Z"},{"value":"0.90789","scoring_system":"epss","scoring_elements":"0.99645","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0482"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/commit/44af526a6fc5e898bc1e0132b2af9eb3a9b2c466"},{"reference_url":"https://github.com/alextselegidis/easyappointments/releases/tag/1.4.3","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/releases/tag/1.4.3"},{"reference_url":"https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/2fe771ef-b615-45ef-9b4d-625978042e26"},{"reference_url":"https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482"},{"reference_url":"https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/","reference_id":"","reference_type":"","scores":[],"url":"https://opencirt.com/hacking/securing-easy-appointments-cve-2022-0482/"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50871.rb","reference_id":"CVE-2022-0482","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/50871.rb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0482","reference_id":"CVE-2022-0482","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0482"},{"reference_url":"https://github.com/advisories/GHSA-r6cm-wg48-rh2r","reference_id":"GHSA-r6cm-wg48-rh2r","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6cm-wg48-rh2r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19628?format=json","purl":"pkg:composer/alextselegidis/easyappointments@1.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gjc-dgmr-rkcb"},{"vulnerability":"VCID-3fvb-4hvv-43gu"},{"vulnerability":"VCID-5hqt-e1hz-pkgs"},{"vulnerability":"VCID-6mjm-zmeb-8ubv"},{"vulnerability":"VCID-88tr-7jp6-cfcr"},{"vulnerability":"VCID-8x87-8fuv-uybp"},{"vulnerability":"VCID-av81-593y-9bca"},{"vulnerability":"VCID-d5dz-m2bm-6fh1"},{"vulnerability":"VCID-hs75-bqbb-4qhg"},{"vulnerability":"VCID-ke2q-pyjf-sfat"},{"vulnerability":"VCID-q46d-3rve-aucr"},{"vulnerability":"VCID-vhq4-urw9-gbfr"},{"vulnerability":"VCID-wtb1-t78a-ckaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/alextselegidis/easyappointments@1.4.3"}],"aliases":["CVE-2022-0482","GHSA-r6cm-wg48-rh2r"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6khc-dn2x-vkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150934?format=json","vulnerability_id":"VCID-6mjm-zmeb-8ubv","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2103","reference_id":"","reference_type":"","scores":[{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.60925","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61038","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.6104","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00397","scoring_system":"epss","scoring_elements":"0.61031","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2103"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2103","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2103"},{"reference_url":"https://huntr.dev/bounties/1df09505-9923-43b9-82ef-15d94bc3f9dc","reference_id":"1df09505-9923-43b9-82ef-15d94bc3f9dc","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:40:57Z/"}],"url":"https://huntr.dev/bounties/1df09505-9923-43b9-82ef-15d94bc3f9dc"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/46a865300e94c7031cc0e315d95d3e3e56768498","reference_id":"46a865300e94c7031cc0e315d95d3e3e56768498","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:40:57Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/46a865300e94c7031cc0e315d95d3e3e56768498"},{"reference_url":"https://github.com/advisories/GHSA-7m8r-gmc3-3p4v","reference_id":"GHSA-7m8r-gmc3-3p4v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7m8r-gmc3-3p4v"}],"fixed_packages":[],"aliases":["CVE-2023-2103","GHSA-7m8r-gmc3-3p4v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mjm-zmeb-8ubv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108573?format=json","vulnerability_id":"VCID-88tr-7jp6-cfcr","summary":"Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29448","reference_id":"","reference_type":"","scores":[{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68074","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68083","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.67985","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00538","scoring_system":"epss","scoring_elements":"0.68086","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-29448"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/74633b60f28bdef3cc9f905c0599cef121fee32b","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/commit/74633b60f28bdef3cc9f905c0599cef121fee32b"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29448","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-29448"},{"reference_url":"https://github.com/Abdullah4eb/CVE-2025-29448","reference_id":"CVE-2025-29448","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-12T18:36:47Z/"}],"url":"https://github.com/Abdullah4eb/CVE-2025-29448"},{"reference_url":"https://github.com/advisories/GHSA-hcjv-982c-5f29","reference_id":"GHSA-hcjv-982c-5f29","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcjv-982c-5f29"}],"fixed_packages":[],"aliases":["CVE-2025-29448","GHSA-hcjv-982c-5f29"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88tr-7jp6-cfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59134?format=json","vulnerability_id":"VCID-8x87-8fuv-uybp","summary":"An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57602","reference_id":"","reference_type":"","scores":[{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78497","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78508","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.7843","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01098","scoring_system":"epss","scoring_elements":"0.78514","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57602"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57602","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57602"},{"reference_url":"https://hkohi.ca/vulnerability/12","reference_id":"12","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T16:02:59Z/"}],"url":"https://hkohi.ca/vulnerability/12"},{"reference_url":"https://github.com/advisories/GHSA-8fc2-fhh6-f6m5","reference_id":"GHSA-8fc2-fhh6-f6m5","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8fc2-fhh6-f6m5"}],"fixed_packages":[],"aliases":["CVE-2024-57602","GHSA-8fc2-fhh6-f6m5"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8x87-8fuv-uybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/209325?format=json","vulnerability_id":"VCID-av81-593y-9bca","summary":"Privilege escalation in easyappointments","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1397","reference_id":"","reference_type":"","scores":[{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45892","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45747","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45886","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.459","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1397"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/63dbb51decfcc1631c398ecd6d30e3a337845526","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alextselegidis/easyappointments/commit/63dbb51decfcc1631c398ecd6d30e3a337845526"},{"reference_url":"https://huntr.dev/bounties/5f69e094-ab8c-47a3-b01d-8c12a3b14c61","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.dev/bounties/5f69e094-ab8c-47a3-b01d-8c12a3b14c61"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1397","reference_id":"CVE-2022-1397","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1397"},{"reference_url":"https://github.com/advisories/GHSA-7f62-4887-cfv5","reference_id":"GHSA-7f62-4887-cfv5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7f62-4887-cfv5"}],"fixed_packages":[],"aliases":["CVE-2022-1397","GHSA-7f62-4887-cfv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-av81-593y-9bca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144769?format=json","vulnerability_id":"VCID-d5dz-m2bm-6fh1","summary":"Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1367","reference_id":"","reference_type":"","scores":[{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44037","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44198","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.4419","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00214","scoring_system":"epss","scoring_elements":"0.44209","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1367"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1367","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1367"},{"reference_url":"https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2","reference_id":"16bc74e2-1825-451f-bff7-bfdc1ea75cc2","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:14:46Z/"}],"url":"https://huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4","reference_id":"453c6e130229718680c91bef450db643a0f263e4","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-27T19:14:46Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4"},{"reference_url":"https://github.com/advisories/GHSA-9qvw-fhj2-xqmv","reference_id":"GHSA-9qvw-fhj2-xqmv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qvw-fhj2-xqmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380975?format=json","purl":"pkg:composer/alextselegidis/easyappointments@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8x87-8fuv-uybp"},{"vulnerability":"VCID-q46d-3rve-aucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/alextselegidis/easyappointments@1.5.0"}],"aliases":["CVE-2023-1367","GHSA-9qvw-fhj2-xqmv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d5dz-m2bm-6fh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150953?format=json","vulnerability_id":"VCID-hs75-bqbb-4qhg","summary":"Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2105","reference_id":"","reference_type":"","scores":[{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.7441","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74494","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74496","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00795","scoring_system":"epss","scoring_elements":"0.74483","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2105"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2105","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2105"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840","reference_id":"7f37350fab9d729a9350d96369ff0f453cf7b840","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:36:02Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/7f37350fab9d729a9350d96369ff0f453cf7b840"},{"reference_url":"https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1","reference_id":"de213e0b-a227-4fc3-bbe7-0b33fbf308e1","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-02-06T15:36:02Z/"}],"url":"https://huntr.dev/bounties/de213e0b-a227-4fc3-bbe7-0b33fbf308e1"},{"reference_url":"https://github.com/advisories/GHSA-4qmm-cv4r-qfr4","reference_id":"GHSA-4qmm-cv4r-qfr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4qmm-cv4r-qfr4"}],"fixed_packages":[],"aliases":["CVE-2023-2105","GHSA-4qmm-cv4r-qfr4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs75-bqbb-4qhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150974?format=json","vulnerability_id":"VCID-ke2q-pyjf-sfat","summary":"Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2102","reference_id":"","reference_type":"","scores":[{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.5854","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58656","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58667","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0036","scoring_system":"epss","scoring_elements":"0.58651","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-2102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2102","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-2102"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/bddc5cbeb7ff237a72943b304dcb01c653781767","reference_id":"bddc5cbeb7ff237a72943b304dcb01c653781767","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:43:31Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/bddc5cbeb7ff237a72943b304dcb01c653781767"},{"reference_url":"https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44","reference_id":"dd7c04a7-a984-4387-9ac4-24596e7ece44","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-06T15:43:31Z/"}],"url":"https://huntr.dev/bounties/dd7c04a7-a984-4387-9ac4-24596e7ece44"},{"reference_url":"https://github.com/advisories/GHSA-j6qq-9939-9jv8","reference_id":"GHSA-j6qq-9939-9jv8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j6qq-9939-9jv8"}],"fixed_packages":[],"aliases":["CVE-2023-2102","GHSA-j6qq-9939-9jv8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ke2q-pyjf-sfat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59329?format=json","vulnerability_id":"VCID-q46d-3rve-aucr","summary":"Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57601","reference_id":"","reference_type":"","scores":[{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44852","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44855","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44701","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0022","scoring_system":"epss","scoring_elements":"0.44867","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-57601"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57601","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-57601"},{"reference_url":"https://hkohi.ca/vulnerability/13","reference_id":"13","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T16:52:56Z/"}],"url":"https://hkohi.ca/vulnerability/13"},{"reference_url":"https://github.com/advisories/GHSA-3wf7-83q3-948c","reference_id":"GHSA-3wf7-83q3-948c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3wf7-83q3-948c"}],"fixed_packages":[],"aliases":["CVE-2024-57601","GHSA-3wf7-83q3-948c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q46d-3rve-aucr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/151390?format=json","vulnerability_id":"VCID-vhq4-urw9-gbfr","summary":"Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3700","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05678","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05669","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0566","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05685","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-3700"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3700","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3700"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64","reference_id":"b37b46019553089db4f22eb2fe998bca84b2cb64","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T14:53:28Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/b37b46019553089db4f22eb2fe998bca84b2cb64"},{"reference_url":"https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8","reference_id":"e8d530db-a6a7-4f79-a95d-b77654cc04f8","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-30T14:53:28Z/"}],"url":"https://huntr.dev/bounties/e8d530db-a6a7-4f79-a95d-b77654cc04f8"},{"reference_url":"https://github.com/advisories/GHSA-8c6q-26w6-qwhg","reference_id":"GHSA-8c6q-26w6-qwhg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c6q-26w6-qwhg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380975?format=json","purl":"pkg:composer/alextselegidis/easyappointments@1.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8x87-8fuv-uybp"},{"vulnerability":"VCID-q46d-3rve-aucr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/alextselegidis/easyappointments@1.5.0"}],"aliases":["CVE-2023-3700","GHSA-8c6q-26w6-qwhg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vhq4-urw9-gbfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/144644?format=json","vulnerability_id":"VCID-wtb1-t78a-ckaf","summary":"Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1269","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71441","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.7143","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71442","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71342","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-1269"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1269","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1269"},{"reference_url":"https://github.com/alextselegidis/easyappointments/commit/2731d2f17c5140c562426b857e9f5d63da5c4593","reference_id":"2731d2f17c5140c562426b857e9f5d63da5c4593","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:27:07Z/"}],"url":"https://github.com/alextselegidis/easyappointments/commit/2731d2f17c5140c562426b857e9f5d63da5c4593"},{"reference_url":"https://huntr.dev/bounties/91c31eb6-024d-4ad3-88fe-f15b03fd20f5","reference_id":"91c31eb6-024d-4ad3-88fe-f15b03fd20f5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-05T20:27:07Z/"}],"url":"https://huntr.dev/bounties/91c31eb6-024d-4ad3-88fe-f15b03fd20f5"},{"reference_url":"https://github.com/advisories/GHSA-347f-rxg8-qgrv","reference_id":"GHSA-347f-rxg8-qgrv","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-347f-rxg8-qgrv"}],"fixed_packages":[],"aliases":["CVE-2023-1269","GHSA-347f-rxg8-qgrv"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtb1-t78a-ckaf"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/alextselegidis/easyappointments@1.4.0-beta.1"}