Using these hashes, an attacker can modify or delete appointments of other providers, resulting in an Appointments Takeover. Version 1.6.0 fixes the issue.
No analysis available yet.
No remediation available yet.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Alextselegidis
Alextselegidis easyappointments |
|
| Vendors & Products |
Alextselegidis
Alextselegidis easyappointments |
Tue, 14 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Easy!Appointments is a self hosted appointment scheduler. In version 1.5.2, an Excessive Data Exposure vulnerability in the customers search endpoint allows an authenticated user to obtain appointment hashes belonging to other users. Using these hashes, an attacker can modify or delete appointments of other providers, resulting in an Appointments Takeover. Version 1.6.0 fixes the issue. | |
| Title | Easy!Appointments Vulnerable to Appointments Takeover via Excessive Data Exposure | |
| Weaknesses | CWE-200 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-14T16:00:49.009Z
Reserved: 2026-06-16T23:52:12.059Z
Link: CVE-2026-55651
Updated: 2026-07-14T16:00:19.782Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T16:45:04Z
-
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor