Candidats Security Vulnerabilities

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to...

CVSS 7.5 | AI Score 7.4 | EPSS 0.002 | Published 2022-11-03 08:15 PM
CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-11-03 08:15 PM
CVE-2022-42748

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-11-03 08:15 PM
CVE-2022-42749

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-11-03 08:15 PM
CVE-2022-42744

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi...

CVSS 9.8 | AI Score 9.3 | EPSS 0.003 | Published 2022-11-03 08:15 PM
CVE-2022-42747

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | Published 2022-11-03 08:15 PM
CVE-2022-42751

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative...

CVSS 8.8 | AI Score 8.5 | EPSS 0.001 | Published 2022-11-03 06:15 PM
CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the...

CVSS 8.8 | AI Score 8.6 | EPSS 0.003 | Published 2022-11-03 06:15 PM
CVE-2022-25228

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via...

CVSS 6.5 | AI Score 6.6 | EPSS 0.001 | Published 2022-08-18 08:15 PM
CVE-2020-9341

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser...

CVSS 8.8 | AI Score 8.6 | EPSS 0.001 | Published 2020-02-22 10:15 PM