DarwinFactor

4 matches found

CVE
added 2021/11/16 9:45 a.m., 52 views

CVE-2021-25983

CVE-2021-25983 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in FactorJS’s forum plugin. The affected product is Factor (App Framework & Headless CMS) with the forum plugin versions v1.3.8 to v1.8.30. The underlying issue is XSS in the URL parameters “tags” and “category,” a...

CVSS 6.1, AI score 6, EPSS 0.00691

CVE
added 2021/11/16 9:45 a.m., 50 views

CVE-2021-25984

CVE-2021-25984 affects Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3–v1.8.30. The root cause is stored XSS in the post reply functionality, allowing unauthenticated attackers to execute malicious JavaScript and steal session cookies. No remediation details are provided in th...

CVSS 6.1, AI score 6, EPSS 0.00691

CVE
added 2021/11/16 9:45 a.m., 45 views

CVE-2021-25985

In Factor (App Framework & Headless CMS) from v1.0.4 through v1.8.30, the vulnerability stems from improperly invalidating a user session after logout and storing sessions in browser local storage (which has no expiration). This enables an attacker to steal and reuse session data via XSS, potenti...

CVSS 9.8, AI score 8.4, EPSS 0.00755

CVE
added 2021/11/16 9:45 a.m., 42 views

CVE-2021-25982

CVE-2021-25982 affects FactorJS - Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30. The flaw is a reflected Cross-Site Scripting (XSS) vulnerability in the URL’s search parameter, allowing an unauthenticated attacker to inject and execute JavaScript and potentially ste...

CVSS 6.1, AI score 6.1, EPSS 0.00733