Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Cvelist
Cvelistadded 2021/11/16 9:45 a.m.17 views

CVE-2021-25985 FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover

In Factor App Framework & Headless CMS v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an...

7.8CVSS9AI score0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2021/11/16 9:45 a.m.10 views

CVE-2021-25985 FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover

In Factor App Framework & Headless CMS v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This makes it possible for an...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2021/11/16 9:45 a.m.6 views

CVE-2021-25984 FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting XSS at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

6.1CVSS5.9AI score0.01511EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2021/11/16 9:45 a.m.6 views

CVE-2021-25983 FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

6.1CVSS6.2AI score0.01511EPSS
Exploits0References2
Cvelist
Cvelistadded 2021/11/16 9:45 a.m.9 views

CVE-2021-25983 FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality

In Factor App Framework & Headless CMS forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

6.1CVSS6.2AI score0.01511EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2021/11/16 9:45 a.m.3 views

CVE-2021-25982 FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality

In Factor App Framework & Headless CMS forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting XSS at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies...

6.1CVSS6.2AI score0.01511EPSS
Exploits0References2
Rows per page
Query Builder