Remote code execution in alextselegidis/easyappointments
Cross Site Scripting vulnerability in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to execute arbitrary code via the legal_settings parameter.
Advisories for Composer/Alextselegidis/Easyappointments package
2025
Easy!Appointments Improper Restriction of Excessive Authentication Attempts
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
2023
Authorization Bypass Through User-Controlled Key
Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Session Fixation
Session Fixation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site Scripting (XSS) - Stored in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Improper Access Control
Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Improper Control of Generation of Code ('Code Injection')
Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
Use of Hard-coded Credentials
Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0.
2022
Improper Privilege Management
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
Incorrect Authorization
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository alextselegidis/easyappointments prior to 1.4.3.