CandidATS 3.0.0 - Cross-Site Scripting. CVE-2022-42747

Severity
CVSSv3 Score: 6.1
Vulnerability description

CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Risk description

No risk description to display.

Recommendation

To mitigate this vulnerability, apply the latest security patch or upgrade to a non-vulnerable version of CandidATS.

Codename: Not available
Detectable with: Network Scanner
Scan engine: Nuclei
Exploitable with Sniper: No
CVE Published: Nov 3, 2022
Detection added at:
Software Type: Not available
Vendor: Not available
Product: Not available