Security for everyone

CVE-2022-42746 Scanner

Detects 'Cross-Site Scripting (XSS)' vulnerability in CandidATS affects v. 3.0.0.


Short Info



Single Scan

Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one




CandidATS is an open-source web-based applicant tracking system used by small to medium-sized recruitment agencies and HR departments to manage their hiring process. The platform allows users to post job openings, screen resumes, schedule interviews, and manage candidate information, among other features. With its user-friendly interface and customizable settings, CandidATS has become a popular choice for businesses looking to streamline their recruitment efforts.

Recently, a serious vulnerability was discovered in CandidATS version 3.0.0. The vulnerability, CVE-2022-42746, allows an external attacker to steal the cookie of arbitrary users. This is due to the application's failure to properly validate user input against XSS attacks. As a result, malicious actors can exploit this weakness to launch cross-site scripting attacks, compromising the security of the platform and information stored within CandidATS.

When exploited, this vulnerability can lead to a wide range of detrimental outcomes, including the theft of sensitive data and personal information of both the platform's users and candidates. This could, in turn, result in severe reputational damage for businesses using CandidATS, regulatory repercussions, and legal consequences. In addition, cybercriminals can use this information for phishing attacks, identity theft, and further exploitation of other individuals and companies.

Fortunately, those who read this article can easily and quickly learn about vulnerabilities in their digital assets using the pro features of the platform. With advanced scanning tools and automatic notifications of new vulnerabilities, businesses can stay on top of potential threats and take action to protect their systems and data from attacks. By prioritizing cybersecurity measures and investing in top-notch protection, CandidATS users can safeguard their recruitment efforts and avoid costly data breaches.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture