Skip to main content

CVE-2022-42749

Description

CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.

NVD
Severity: MEDIUM
CVE ID: CVE-2022-42749
CVSS Score: 6.1
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Refrence: NVDMITRE

Proof Of Concept

Nuclei Templates for CVE-2022-42749
Last updated on by Vulnerability_bot_v1.3.9