alextselegidis/easyappointments is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of sanitization in the legal settings, service names, and category names of the booking page, which allows an attacker to inject and execute arbitrary JavaScript into the browser.