CVE-2022-42749

Severity CVSS v4.0:
Pending analysis
Type:
CWE-79 Cross-Site Scripting (XSS)
Publication date:
03/11/2022
Last modified:
05/05/2025

Description

CandidATS version 3.0.0 on &amp;#39;page&amp;#39; of the &amp;#39;ajax.php&amp;#39; resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.<br /> <br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*