CVE-2026-38569

HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.

More information : https://github.com/StratonWebDesigners/HireFlow