Lucene search
+L

101 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:12 p.m.6 views

CVE-2022-42749

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS6.1AI score0.01071EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:43 p.m.7 views

CVE-2020-9341

CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings=addUser URI...

8.8CVSS6.9AI score0.00598EPSS
Exploits1References1
NVD
NVD
added 2022/11/03 8:15 p.m.21 views

CVE-2022-42744

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...

9.8CVSS0.01197EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.7 views

CVE-2022-42747

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS5.9AI score0.01071EPSS
Exploits1References2
NVD
NVD
added 2022/11/03 8:15 p.m.22 views

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS0.01117EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.4 views

CVE-2022-42746

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS5.9AI score0.01117EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.5 views

CVE-2022-42748

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS5.9AI score0.01071EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.4 views

CVE-2022-42749

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS5.9AI score0.01071EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.2 views

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

7.5CVSS5.9AI score0.00804EPSS
Exploits1References2
NVD
NVD
added 2022/11/03 8:15 p.m.19 views

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

7.5CVSS0.00804EPSS
Exploits1References2
NVD
NVD
added 2022/11/03 8:15 p.m.23 views

CVE-2022-42748

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS0.01071EPSS
Exploits1References2
NVD
NVD
added 2022/11/03 8:15 p.m.19 views

CVE-2022-42749

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS0.01071EPSS
Exploits1References2
NVD
NVD
added 2022/11/03 8:15 p.m.15 views

CVE-2022-42747

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

6.1CVSS0.01071EPSS
Exploits1References2
OSV
OSV
added 2022/11/03 8:15 p.m.6 views

CVE-2022-42744

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks...

9.8CVSS5.8AI score0.01197EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/11/03 8:15 p.m.3 views

CVE-2022-42745

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

7.5CVSS5.9AI score0.00804EPSS
Exploits1References3
Prion
Prion
added 2022/11/03 8:15 p.m.18 views

Cross site scripting

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

5.8CVSS6AI score0.01071EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/11/03 8:15 p.m.19 views

Cross site scripting

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

5.8CVSS6AI score0.01071EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/11/03 8:15 p.m.25 views

Xxe

CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE...

5CVSS7.4AI score0.00804EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/11/03 8:15 p.m.20 views

Cross site scripting

CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

5.8CVSS6AI score0.01117EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2022/11/03 8:15 p.m.23 views

Cross site scripting

CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks...

5.8CVSS6AI score0.01071EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder