PT-2026-39657 · Hireflow · Hireflow

Hijackedamygdala · Published 2026-05-11 · Updated 2026-05-11 · CVE-2026-38569

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

HireFlow version 1.2

Description

Cross Site Scripting (XSS) occurs in candidate detail.html. The issue is triggered via the 'Resume' or 'Feedback Comment' fields through the endpoints "/candidates/add" and "/feedback/add". XSS is a flaw that allows an attacker to inject malicious scripts into web pages viewed by other users.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-38569

Affected Products

Hireflow