101 matches found
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
CandidATS 3.0.0 - Cross-Site Scripting
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the indexFile parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
CandidATS 3.0.0 - Cross-Site Scripting.
CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2022-42746
CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...
CVE-2022-42751
CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF. This allows to persuade an administrator to create a new account with administrative permissions...
CVE-2022-42747
CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...
CVE-2022-42745
CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...
EUVD-2020-30162
Malware in sbrugna...
EUVD-2022-45807
Malicious code in bioql PyPI...
EUVD-2022-45809
Malicious code in bioql PyPI...
EUVD-2022-45811
Malicious code in bioql PyPI...
EUVD-2022-45814
Malicious code in bioql PyPI...
EUVD-2022-29927
Malicious code in bioql PyPI...
EUVD-2022-45810
Malicious code in bioql PyPI...
EUVD-2022-45813
Malicious code in bioql PyPI...
CVE-2022-42748
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...
CVE-2022-25228
CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings=show' via the 'userID' parameter, in '/index.php?m=candidates=show' via the 'candidateID', in '/index.php?m=joborders=show' via the 'jobOrderID' and '/index.php?m=companies=show' via the...
CVE-2022-42750
CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user...
CVE-2022-42744
CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...