exploitDog

CVE-2022-42749

Опубликовано: 03 нояб. 2022

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

Ссылки

https://candidats.net/
Product
https://fluidattacks.com/advisories/modestep/
Exploit
Third Party Advisory
https://candidats.net/
Product
https://fluidattacks.com/advisories/modestep/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:auieo:candidats:3.0.0:-:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02714

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-8v8c-wrxg-38v2

CVSS3: 6.1

github

больше 3 лет назад

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

EPSS

Процентиль: 86%

0.02714

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

CWE-79