• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-79

CVE-2022-42746

February 23, 2023 by godfreyd94

CandidATS version 3.0.0 on ‘indexFile’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

CVE-2022-42747

February 23, 2023 by godfreyd94

CandidATS version 3.0.0 on ‘sortBy’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

CVE-2022-42748

February 23, 2023 by godfreyd94

CandidATS version 3.0.0 on ‘sortDirection’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

CVE-2022-42749

February 23, 2023 by godfreyd94

CandidATS version 3.0.0 on ‘page’ of the ‘ajax.php’ resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

CVE-2022-42750

February 23, 2023 by godfreyd94

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.

CVE-2022-42753

February 23, 2023 by godfreyd94

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 1785
  • Go to page 1786
  • Go to page 1787
  • Go to page 1788
  • Go to page 1789
  • Interim pages omitted …
  • Go to page 2216
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE