alextselegidis/easyappointments is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user display name sanitization in backend_header.php
, which allows an attacker to inject and execute arbitrary JavaScript into the browser.