Vulnerabilities > Auieo > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2022-42746 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | 6.1 |
| 2022-11-03 | CVE-2022-42747 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 on 'sortBy' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | 6.1 |
| 2022-11-03 | CVE-2022-42748 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 on 'sortDirection' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | 6.1 |
| 2022-11-03 | CVE-2022-42749 | Cross-site Scripting vulnerability in Auieo Candidats 3.0.0 CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. | 6.1 |
| 2022-08-18 | CVE-2022-25228 | SQL Injection vulnerability in Auieo Candidats 3.0.0 CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID', in '/index.php?m=joborders&a=show' via the 'jobOrderID' and '/index.php?m=companies&a=show' via the 'companyID' parameter | 6.5 |