2 matches found
CVE-2021-25985
In Factor App Framework & Headless CMS v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an...
CVE-2021-25985
In Factor (App Framework & Headless CMS) from v1.0.4 through v1.8.30, the vulnerability stems from improperly invalidating a user session after logout and storing sessions in browser local storage (which has no expiration). This enables an attacker to steal and reuse session data via XSS, potenti...