logo
Vulnerability feed
CONTRIBUTE

Vulnerability

warn

CVE-2022-42748

Reference to the description:

https://nvd.nist.gov/vuln/detail/CVE-2022-42748

Description:
CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Last updated date:
01/26/2023
Type:
exploit
Confidence:
HIGH
Date of publishing:
11/05/2022
Reference url to background

https://fluidattacks.com/advisories/jcole/

Type:
exploit
Confidence:
HIGH
Date of publishing:
01/26/2023
Vulnerability FeedContributorsAboutBlog

@inTheWild

©2024

Privacy Policy