In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade alextselegidis/easyappointments to version 1.6.0 or higher.
alextselegidis/easyappointments is a powerful Open Source Appointment Scheduler that can be installed on your server.
Affected versions of this package are vulnerable to Information Exposure via the Booking::index process. An attacker can access sensitive customer information by obtaining the 12-character appointment_hash, which is exposed in plain text in reschedule emails, confirmation page URLs, and operator-side calendar links.