CVE-2022-42748
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
03/11/2022
Last modified:
05/05/2025
Description
CandidATS version 3.0.0 on &#39;sortDirection&#39; of the &#39;ajax.php&#39; resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.<br />
<br />
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



