CandidATS version 3.0.0 allows an external malicious user to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
auieo candidats 3.0.0 |