Security for everyone

CVE-2022-42748 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in CandidATS that affects version 3.0.0.


Short Info

Scan type: Single Scan (scans only one asset)
Can be used by: Asset Owner
Estimated Time: 10 sec
Parent Category

CVE-2022-42748 Scanner Detail

CandidATS is a web-based recruitment management system designed to streamline and centralize the hiring process. It offers a range of features, including resume parsing, job management, candidate tracking, and collaboration tools. CandidATS is used by HR professionals and recruiters to simplify their workflows and improve their overall productivity. However, a recently discovered vulnerability in the system has raised concerns regarding the security of user data.

CVE-2022-42748 affects CandidATS version 3.0.0 and exposes the application to cross-site scripting (XSS). The value of the 'sortDirection' parameter of the 'ajax.php' resource is reflected into the response without being validated or output-encoded, so an external attacker can craft a request that carries script in that parameter. A user who opens the crafted URL while logged in has the script executed in their own browser within the CandidATS origin, where it can read the session cookie and send it to the attacker, or simply drive the application on the victim's behalf. A sort direction only ever needs a handful of fixed values, which is why this bug class is avoidable with an allow-list on the input combined with context-appropriate encoding of the output.
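The following Python is an added example, not code from this scanner page or from the CandidATS project. It models the flaw described above as a small in-process handler that copies 'sortDirection' straight into an HTML attribute, beside an output-encoded variant and an allow-listed one, and runs the kind of probe a reflected-XSS scanner sends: a unique marker wrapped in a tag-breaking payload, followed by a check of whether the marker comes back intact, encoded, or not at all. The attribute context, the allowed values ASC/DESC, any query parameters that the real ajax.php needs besides 'sortDirection', and the host name are assumptions; if the real endpoint reflects the value in a different context, only the payload changes, not the method.

```python
"""Reflected-XSS probe for a sort-direction parameter (added example, not
CandidATS code). The handlers below simulate server behaviour in-process so
the check runs offline; against a live target, fetch the probe URL and pass
the response body to verdict()."""
import html
import secrets
from urllib.parse import parse_qs, urlencode, urljoin, urlsplit

PARAM = "sortDirection"
# Assumption: a sort direction only ever needs these two values.
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_probe(base_url: str, marker: str = "") -> tuple:
    """Return (probe_url, marker) for ajax.php.

    The marker is random so that a hit can only come from our own request;
    the payload closes a quoted attribute and the enclosing tag, then injects
    an element with an event handler. Any query parameters the real endpoint
    needs besides sortDirection are unknown here and omitted (assumption).
    """
    marker = marker or "xssprobe" + secrets.token_hex(4)
    payload = f"\"><svg onload=alert('{marker}')>"
    probe_url = urljoin(base_url, "ajax.php") + "?" + urlencode({PARAM: payload})
    return probe_url, marker


def verdict(body: str, marker: str) -> str:
    """Classify a response body for the probe that carried `marker`."""
    intact = f"<svg onload=alert('{marker}')>"
    if intact in body:
        return "vulnerable"          # tag survived unencoded: script would run
    if marker in body:
        return "reflected-encoded"   # value echoed, but metacharacters neutralised
    return "not-reflected"           # input dropped or replaced before output


# --- simulated server-side handlers (constructed for this example) ---------

def vulnerable_handler(params: dict) -> str:
    """Models the reported flaw: the raw parameter lands inside an attribute."""
    direction = params.get(PARAM, "ASC")
    return f'<a href="ajax.php?{PARAM}={direction}">Sort</a>'


def encoded_handler(params: dict) -> str:
    """Output encoding alone: safe in this attribute context, but it still
    echoes attacker-controlled text, so a scanner should report it as reflected."""
    direction = html.escape(params.get(PARAM, "ASC"), quote=True)
    return f'<a href="ajax.php?{PARAM}={direction}">Sort</a>'


def hardened_handler(params: dict) -> str:
    """Allow-list the input, then encode on output: the attacker's bytes never
    reach the page at all."""
    direction = params.get(PARAM, "ASC").upper()
    if direction not in ALLOWED_DIRECTIONS:
        direction = "ASC"
    return f'<a href="ajax.php?{PARAM}={html.escape(direction, quote=True)}">Sort</a>'


def scan(handler, base_url: str = "http://ats.example/", marker: str = "") -> str:
    """Send the probe through an in-process handler and return the verdict.
    For a live target, replace the handler call with an HTTP GET of probe_url."""
    probe_url, marker = build_probe(base_url, marker)
    query = parse_qs(urlsplit(probe_url).query)
    params = {key: values[0] for key, values in query.items()}
    return verdict(handler(params), marker)


if __name__ == "__main__":
    for handler in (vulnerable_handler, encoded_handler, hardened_handler):
        print(f"{handler.__name__}: {scan(handler)}")
```

Against a live instance the scanner fetches probe_url and passes the body to verdict(). A "not-reflected" result should be paired with a second request carrying a benign value such as ASC, so that a broken or rate-limited endpoint is not mistaken for a fixed one; and a "reflected-encoded" result is worth reporting as an observation even though it is not exploitable in this context, because the same value may be emitted unencoded elsewhere.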

When exploited, CVE-2022-42748 can have serious consequences for CandidATS users. With a stolen session cookie an attacker can hijack the victim's authenticated session and act with that user's privileges, without ever learning their password, reaching personal data and private notes on job candidates. Cookie theft through script only succeeds when the session cookie is not marked HttpOnly; even where it is, an XSS attacker can still drive the application from inside the victim's browser, so that flag is a mitigation rather than a fix for the underlying bug. Exposure of this data can lead to reputation damage, legal repercussions and financial loss.

We provide a range of pro features that enable users to quickly and easily identify vulnerabilities in their digital assets. Our platform offers automated vulnerability scanning, risk assessment and remediation guidance in one integrated solution, so you can be confident that your online presence is protected against the latest threats and vulnerabilities.


