CVE-2022-42745 Exploiting XXE in CandidATS 3.. to Read Arbitrary Files
CandidATS, an open source Applicant Tracking System, is widely used by organizations to manage the recruitment process. Recently, a security vulnerability, CVE-2022-42745, has been discovered
CVE-2022-42747: Unauthenticated XSS Vulnerability in CandidATS 3.. through 'sortBy' of the 'ajax.php' Resource
A critical security vulnerability has been identified in CandidATS version 3... This vulnerability (CVE-2022-42747) allows an unauthenticated external attacker to steal the cookie of arbitrary
CVE-2022-42748: Cross-Site Scripting Vulnerability in CandidATS 3..'s 'sortDirection' Parameter in 'ajax.php'
A recent vulnerability, identified as CVE-2022-42748, found in CandidATS version 3.. on the 'sortDirection' parameter of the 'ajax.php' resource, allows
"CVE-2022-42744: Unrestricted CRUD Operations in CandidATS 3.. Leads to Database Compromise"
Overview: CandidATS version 3.. has a security vulnerability that allows external attackers to perform Create, Read, Update, and Delete (CRUD) operations on application databases. The
CVE-2022-42750: Cookie Theft Vulnerability in CandidATS v3.. due to Improper File Validation
CandidATS, a popular open-source applicant tracking system, is widely used by recruiters and businesses to manage their hiring process. A serious vulnerability (CVE-2022-42750) has been