Medium severity6.1NVD Advisory· Published Nov 3, 2022· Updated Jun 17, 2026
CVE-2022-42749
CVE-2022-42749
Description
CandidATS version 3.0.0 on 'page' of the 'ajax.php' resource, allows an external attacker to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CandidATS/CandidATSdescription
Patches
Vulnerability mechanics
References
2- fluidattacks.com/advisories/modestep/nvdExploitThird Party Advisory
- candidats.netnvdProduct
News mentions
0No linked articles in our index yet.