easyappointments — Vulnerabilities & Security Advisories 16

All 16 CVE vulnerabilities found in easyappointments, with AI-generated Chinese analysis, references, and POCs.

Vendor: alextselegidis

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-23622 | CSRF Protection Bypass: Sensitive endpoints accept GET requests, enabling admin account takeover | CWE-352 | 8.8 (AI) | High (AI) | 2026-01-15 |
| CVE-2023-3288 | A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0 | CWE-639 | 8.5 | High | 2024-07-09 |
| CVE-2023-38055 | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0 | CWE-639 | 9.6 | Critical | 2024-07-09 |
| CVE-2023-38054 | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38053 | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38052 | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38051 | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38050 | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0 | CWE-639 | 9.1 | Critical | 2024-07-09 |
| CVE-2023-38049 | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38048 | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38047 | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0. | CWE-639 | 8.5 | High | 2024-07-09 |
| CVE-2023-3289 | A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0 | CWE-639 | 7.7 | High | 2024-07-09 |
| CVE-2023-3290 | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 | CWE-639 | 5.0 | Medium | 2024-07-09 |
| CVE-2023-3286 | A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0 | CWE-639 | 7.7 | High | 2024-07-09 |
| CVE-2023-3287 | A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0 | CWE-639 | 9.9 | Critical | 2024-07-09 |
| CVE-2023-3285 | A BOLA vulnerability in POST /appointments in EasyAppointments < 1.5.0 | CWE-639 | 7.7 | High | 2024-07-09 |
