5 matches found

NVD, added 2022/11/03 8:15 p.m.

CVE-2022-42749

CandidATS version 3.0.0, on the 'page' parameter of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks...

CVSS 6.1 · EPSS 0.01071 · Exploits 1 · References 2
OSV, added 2022/11/03 8:15 p.m.

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

CVSS 7.5 · AI score 5.9 · EPSS 0.00804 · Exploits 1 · References 2
OSV, added 2022/11/03 6:15 p.m.

CVE-2022-42751

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which lets the attacker persuade an administrator into creating a new account with administrative permissions...

CVSS 8.8 · AI score 5.8 · EPSS 0.00422 · Exploits 1 · References 2
Positive Technologies, added 2022/11/03 12:00 a.m.

PT-2022-26536 · Candidats · Candidats

Name of the Vulnerable Software and Affected Versions: CandidATS version 3.0.0
Description: The issue allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not properly validate user input against XSS attacks, specifically on the...

CVSS 6.1 · AI score 6.1 · EPSS 0.01117 · Exploits 1 · References 6
ATTACKERKB, added 2022/08/18 8:15 p.m.

CVE-2022-25228

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via...

CVSS 6.5 · AI score 6.7 · EPSS 0.00844 · Exploits 1 · References 3
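The injection class behind the CVE-2022-25228 entry, as an added illustration that is not CandidATS code (the application is PHP; this uses Python and an in-memory SQLite database so it runs stand-alone). The `user` table, its columns, the sample rows and both `show_user_*` handlers are constructed for this example; the only thing taken from the advisory is the shape of the request, an authenticated user controlling a `userID` parameter that reaches a query. The vulnerable handler splices the parameter into the SQL text, so a value such as `2 OR 1=1 --` turns a single-row lookup into a dump of every row, including rows scoped to another site; the hardened handler rejects anything that is not an integer and binds the value as a query parameter.

```python
"""SQL injection via a numeric request parameter: vulnerable splice vs. bound parameter.

Added example. The schema, rows and handlers are hypothetical and are not
CandidATS's own code; only the request shape (a `userID` parameter reaching
a query) follows the advisory.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an in-memory table standing in for an application's users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user (user_id INTEGER, user_name TEXT, email TEXT, site_id INTEGER)"
    )
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?, ?)",
        [
            (1, "admin", "admin@example.test", 1),
            (2, "alice", "alice@example.test", 1),
            (3, "bob", "bob@example.test", 2),  # belongs to a different site
        ],
    )
    return conn


def show_user_vulnerable(conn: sqlite3.Connection, user_id: str, site_id: int = 1):
    """Vulnerable pattern: the raw request parameter is interpolated into the SQL text.

    With user_id = "2 OR 1=1 --" the statement becomes
        ... WHERE user_id = 2 OR 1=1 -- AND site_id = 1
    so the site scoping is commented out and every row comes back.
    """
    sql = (
        "SELECT user_id, user_name, email FROM user "
        f"WHERE user_id = {user_id} AND site_id = {site_id}"
    )
    return conn.execute(sql).fetchall()


def show_user_fixed(conn: sqlite3.Connection, user_id: str, site_id: int = 1):
    """Hardened form: validate the expected type, then bind the value as a parameter.

    The driver sends the value separately from the statement, so it can never
    change the query's structure; the isdigit() check additionally rejects the
    request early with a clear error instead of a database error.
    """
    if not user_id.isdigit():
        raise ValueError("userID must be a positive integer")
    sql = "SELECT user_id, user_name, email FROM user WHERE user_id = ? AND site_id = ?"
    return conn.execute(sql, (int(user_id), site_id)).fetchall()


def compare(user_id: str):
    """Run both handlers on the same input; returns (vulnerable_rows, fixed_rows_or_error)."""
    vulnerable_rows = show_user_vulnerable(make_db(), user_id)
    try:
        fixed = show_user_fixed(make_db(), user_id)
    except ValueError as exc:
        fixed = str(exc)
    return vulnerable_rows, fixed


if __name__ == "__main__":
    for payload in ("2", "2 OR 1=1 --"):
        print(repr(payload), "->", compare(payload))
```

The bound-parameter version is the fix; the `isdigit()` check is defence in depth that also keeps the "parameter type is wrong" case out of the database layer. The same pattern applies to the other ID parameters the advisory names (`candidateID`, `jobOrderID`).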