A vulnerability was found in HireFlow 1.2 . It has been classified as problematic . The affected element is an unknown function of the file candidate_detail.html . This manipulation causes cross site scripting. This vulnerability is handled as CVE-2026-38569 . The attack can be initiated remotely. There is not any exploit available.