8 matches found
CVE-2026-38569
HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...
PT-2026-39657
HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidate detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...
CVE-2026-38569
HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...
HireFlow 跨站脚本漏洞
HireFlow is an online interview management platform developed by StratonWebDesigners as a personal developer project. Version 1.2 of HireFlow contains a cross-site scripting vulnerability. This vulnerability stems from the Resume or Feedback Comment fields in the candidatedetail.html file, where...
CVE-2026-38569
HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...
CVE-2026-38569
HireFlow v1.2 is vulnerable to Cross Site Scripting XSS in candidatedetail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add...
CVE-2026-38569
CVE-2026-38569 affects HireFlow v1.2. The vulnerability is a Cross Site Scripting (XSS) flaw in candidate_detail.html that can be triggered via the Resume or Feedback Comment fields when submitting through POST /candidates/add or POST /feedback/add. The underlying issue is an XSS in the candidate...
CVE-2026-4758
The CVE-2026-4758 entry concerns the WordPress plugin WP Job Portal . Affected versions include all up to and including 2.4.9 , where insufficient file path validation in the function WPJOBPORTALcustomfields::removeFileCustom enables an authenticated user with at least Subscriber-level access to ...