CVE-2026-38569

Published: Mag 11, 2026 Last Modified: Mag 11, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,4

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

https://github.com/hijackedamygdala/CVE-Disclosures/tree/ma…

https://github.com/hijackedamygdala/CVE-Disclosures/tree/main/HireFlow/CVE-2026…

https://github.com/StratonWebDesigners/HireFlow

https://www.sourcecodester.com/python/18688/hireflow-%E2%80…

https://www.sourcecodester.com/python/18688/hireflow-%E2%80%93-complete-intervi…

CVE-2026-38569

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Common Consequences

Applicable Platforms

Iscriviti alla newsletter