HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add.
https://github.com/hijackedamygdala/CVE-Disclosures/tree/main/HireFlow/CVE-2026-38569