CVE-2022-42744 - How a Simple entriesPerPage Parameter Exposed CandidATS 3.. to SQL Injection and Unrestricted Database Operations
In the world of recruitment software, security doesn’t always get the spotlight it deserves. CandidATS—an open-source applicant tracking system—made headlines after
CVE-2022-42748 - XSS in CandidATS 3.. lets Attackers Steal User Cookies via ‘sortDirection’
In November 2022, a vulnerability (CVE-2022-42748) was identified in CandidATS version 3.. – a popular open-source applicant tracking system. This bug lets external
CVE-2022-42747 - How a Simple XSS in CandidATS 3.. Lets Hackers Steal Your Cookies
CVE-2022-42747 is a security vulnerability in CandidATS, an open source applicant tracking system, version 3... The problem? It fails to properly validate some
CVE-2022-42745 - How XXE Bugs in CandidATS 3.. Allow Hackers to Steal Any File
CandidATS is an open source applicant tracking system, often used by businesses to manage resumes and job applications. In version 3.., though, a serious security
CVE-2022-42751 - How a CSRF Vulnerability in CandidATS 3.. Lets Attackers Get Admin Access
CVE-2022-42751 affects CandidATS, an open-source applicant tracking system used by HR departments for managing job applications. This post will break down how