Auieo CandidATS

9 matches found

CVE-2020-9341 (added 2020/02/22 10:15 p.m.)

CandidATS 2.1.0 is vulnerable to CSRF that allows an administrator account to be added via the index.php?m=settings&a=addUser URI.

CVSS 8.8 | AI score 8.6 | EPSS 0.00405
CVE-2022-42747 (added 2022/11/03 8:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the 'sortBy' parameter of the 'ajax.php' resource. This is possible because the application does not properly validate user input against XSS attacks.

CVSS 6.1 | AI score 6 | EPSS 0.03096
CVE-2022-25228 (added 2022/08/18 8:15 p.m.)

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via th...

CVSS 6.5 | AI score 6.6 | EPSS 0.00423
CVE-2022-42749 (added 2022/11/03 8:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the 'page' parameter of the 'ajax.php' resource. This is possible because the application does not properly validate user input against XSS attacks.

CVSS 6.1 | AI score 6 | EPSS 0.03096
CVE-2022-42748 (added 2022/11/03 8:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the 'sortDirection' parameter of the 'ajax.php' resource. This is possible because the application does not properly validate user input against XSS attacks.

CVSS 6.1 | AI score 6 | EPSS 0.03096
CVE-2022-42744 (added 2022/11/03 8:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to perform CRUD operations on the application databases. This is possible because the application does not correctly validate the entriesPerPage parameter against SQLi attacks.

CVSS 9.8 | AI score 9.3 | EPSS 0.0028
CVE-2022-42746 (added 2022/11/03 8:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users via the 'indexFile' parameter of the 'ajax.php' resource. This is possible because the application does not properly validate user input against XSS attacks.

CVSS 6.1 | AI score 6 | EPSS 0.06032
CVE-2022-42750 (added 2022/11/03 6:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to steal the cookies of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.

CVSS 8.8 | AI score 8.6 | EPSS 0.00331
CVE-2022-42751 (added 2022/11/03 6:15 p.m.)

CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. This is possible because the application suffers from CSRF, which allows an attacker to persuade an administrator into creating a new account with administrative permissions.

CVSS 8.8 | AI score 8.5 | EPSS 0.00073
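The entries above share three root causes: request parameters reflected into HTML without encoding (sortBy, sortDirection, page, indexFile), parameters concatenated into SQL (entriesPerPage, userID, candidateID, jobOrderID), state-changing actions with no CSRF token (settings&a=addUser), plus unrestricted uploads. The PHP below is an added illustration of the corresponding hardening patterns; it is not CandidATS code. The function names, the allow-listed column names, the table and column names in the queries, the use of PDO and of $_SESSION for the token are all assumptions made for the example.

```php
<?php
// Added example, not CandidATS code. All identifiers below are assumptions.
declare(strict_types=1);

// Assumed allow-lists: the only values a list view may order by.
const ALLOWED_SORT_COLUMNS = ['dateCreated', 'lastName', 'title'];
const ALLOWED_SORT_DIRECTIONS = ['ASC', 'DESC'];

/** Validate sortBy / sortDirection / page / entriesPerPage; throw on anything else. */
function validate_list_params(array $get): array
{
    $sortBy = (string)($get['sortBy'] ?? 'dateCreated');
    if (!in_array($sortBy, ALLOWED_SORT_COLUMNS, true)) {
        throw new InvalidArgumentException('invalid sortBy');
    }
    $dir = strtoupper((string)($get['sortDirection'] ?? 'DESC'));
    if (!in_array($dir, ALLOWED_SORT_DIRECTIONS, true)) {
        throw new InvalidArgumentException('invalid sortDirection');
    }
    // Numeric parameters: canonical decimal integers within bounds only.
    $page = filter_var($get['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100000]]);
    $perPage = filter_var($get['entriesPerPage'] ?? 15, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 500]]);
    if ($page === false || $perPage === false) {
        throw new InvalidArgumentException('invalid page or entriesPerPage');
    }
    return ['sortBy' => $sortBy, 'sortDirection' => $dir,
            'page' => $page, 'entriesPerPage' => $perPage];
}

/** Identifiers come from the allow-lists above; integers are bound, never concatenated. */
function build_list_query(PDO $db, array $p, int $siteID): PDOStatement
{
    $sql = sprintf(
        'SELECT candidate_id, last_name, date_created FROM candidate'
        . ' WHERE site_id = :site ORDER BY %s %s LIMIT :limit OFFSET :offset',
        $p['sortBy'], $p['sortDirection']);   // both already allow-listed
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':site', $siteID, PDO::PARAM_INT);
    $stmt->bindValue(':limit', $p['entriesPerPage'], PDO::PARAM_INT);
    $stmt->bindValue(':offset', ($p['page'] - 1) * $p['entriesPerPage'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt;
}

/** Record IDs (userID, candidateID, jobOrderID): validate as int and bind. */
function fetch_by_id(PDO $db, string $table, string $idColumn, $rawID): ?array
{
    $id = filter_var($rawID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // $table and $idColumn are chosen by code, never taken from the request.
    $stmt = $db->prepare("SELECT * FROM {$table} WHERE {$idColumn} = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

/** Anything reflected into HTML is encoded for the HTML context. */
function render_sort_link(array $p): string
{
    return sprintf('<a href="?sortBy=%s&amp;sortDirection=%s">sort</a>',
        htmlspecialchars($p['sortBy'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        htmlspecialchars($p['sortDirection'], ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

/** Uploads: allow-list the extension and let the server pick the stored name. */
function validate_upload_name(string $originalName): string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['pdf', 'doc', 'docx', 'txt'], true)) {
        throw new InvalidArgumentException('disallowed file type');
    }
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

/** CSRF token for state-changing actions such as settings&a=addUser. */
function issue_csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function require_csrf_token(array $post): void
{
    $expected = (string)($_SESSION['csrf_token'] ?? '');
    $given = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        http_response_code(403);
        exit('invalid CSRF token');
    }
}
```

The sort parameters are the case where parameterized queries alone do not help: a column name cannot be bound as a value, so the only sound option is a fixed allow-list, which also removes the reflected-XSS vector because the echoed value is then never attacker-chosen. The CSRF check must run on every state-changing request, including the addUser action, before any database write, and the token comparison uses hash_equals to avoid a timing side channel.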