CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-42747

CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.031

EPSS Ranking 86.4%

CVSS Severity

CVSS v3 Score 6.1

References

https://candidats.net/
https://fluidattacks.com/advisories/modestep/
https://candidats.net/
https://fluidattacks.com/advisories/modestep/

Products affected by CVE-2022-42747

Auieo » Candidats » Version: 3.0.0

cpe:2.3:a:auieo:candidats:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42747

Products

Pricing

Contact Us