CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-42750

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the files uploaded by the user.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 57.2%

CVSS Severity

CVSS v3 Score 8.8

References

https://candidats.net/
https://fluidattacks.com/advisories/castles/
https://candidats.net/
https://fluidattacks.com/advisories/castles/

Products affected by CVE-2022-42750

Auieo » Candidats » Version: 3.0.0

cpe:2.3:a:auieo:candidats:3.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-42750

Products

Pricing

Contact Us