Information disclosure in Easy!Appointments - #VU134529

 

Published: June 15, 2026


Vulnerability identifier: #VU134529
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: A.Tselegidis
Affected software:
Easy!Appointments

Detailed vulnerability description

The vulnerability allows a remote user to modify or delete other users' appointments.

The vulnerability exists due to exposure of sensitive information to an unauthorized actor in the customers search endpoint when handling authenticated search requests. A remote user can obtain appointment hashes belonging to other users and reuse them to modify or delete other users' appointments.

The exposed hashes can also be used to view appointment information through appointment management functionality.
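
The flaw class described above, modelled as an added example that is not Easy!Appointments code: a search handler that returns appointment hashes to any authenticated caller, beside a version that strips them for customers outside the caller's scope, plus a check a test suite can run against responses. All field names, function names, the scope model and the sample records are constructed assumptions.

```python
# Constructed model of the flaw class. Field and function names are
# hypothetical and are not taken from the Easy!Appointments code base.
from copy import deepcopy

# Constructed sample data: two customers, each with one appointment.
CUSTOMERS = [
    {"id": 1, "name": "Alice Example", "appointments": [
        {"id": 10, "start": "2026-07-01 09:00", "hash": "constructed-hash-a"}]},
    {"id": 2, "name": "Bob Example", "appointments": [
        {"id": 11, "start": "2026-07-01 10:00", "hash": "constructed-hash-b"}]},
]

# Fields whose value alone is enough to manage an appointment.
SECRET_FIELDS = {"hash"}


def search_customers_leaky(keyword):
    """'Before' behaviour: full records, hashes included, for any caller."""
    return [deepcopy(c) for c in CUSTOMERS
            if keyword.lower() in c["name"].lower()]


def search_customers_hardened(keyword, allowed_customer_ids):
    """Strip secret fields from customers outside the caller's scope.

    allowed_customer_ids is an assumed input: the set of customer ids the
    authenticated caller is entitled to manage.
    """
    results = []
    for customer in search_customers_leaky(keyword):
        if customer["id"] not in allowed_customer_ids:
            customer["appointments"] = [
                {k: v for k, v in appt.items() if k not in SECRET_FIELDS}
                for appt in customer["appointments"]
            ]
        results.append(customer)
    return results


def leaked_hashes(response, allowed_customer_ids):
    """Regression check: hashes in a response that belong to other customers."""
    return [appt["hash"]
            for customer in response
            if customer["id"] not in allowed_customer_ids
            for appt in customer["appointments"] if "hash" in appt]
```

A non-empty result from `leaked_hashes` on a recorded search response means the response still carries values that can be replayed against appointment management.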


Remediation

Install the security update from the vendor's website.
