Vulnerabilities > Auieo > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-42750 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. | 8.8 |
| 2022-11-03 | CVE-2022-42751 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 allows an external attacker to elevate privileges in the application. | 8.8 |
| 2020-02-22 | CVE-2020-9341 | Cross-Site Request Forgery (CSRF) vulnerability in Auieo Candidats 2.1.0 CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator account to be added via the index.php?m=settings&a=addUser URI. | 8.8 |