CandidATS version 3.0.0 on 'indexFile' of the 'ajax.php' resource, allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application application does not properly validate user input against XSS attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auieo candidats 3.0.0 |