4 matches found
CVE-2021-25983
CVE-2021-25983 corresponds to a reflected Cross-Site Scripting (XSS) vulnerability in FactorJS’s forum plugin. The affected product is Factor (App Framework & Headless CMS) with the forum plugin versions v1.3.8 to v1.8.30. The underlying issue is XSS in the URL parameters “tags” and “category,” a...
CVE-2021-25984
CVE-2021-25984 affects Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3–v1.8.30. The root cause is stored XSS in the post reply functionality, allowing unauthenticated attackers to execute malicious JavaScript and steal session cookies. No remediation details are provided in th...
CVE-2021-25985
In Factor (App Framework & Headless CMS) from v1.0.4 through v1.8.30, the vulnerability stems from user sessions not being properly invalidated after logout and from sessions being stored in browser local storage (which has no expiration). This enables an attacker to steal and reuse session data via XSS, potenti...
CVE-2021-25982
CVE-2021-25982 affects FactorJS - Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30. The flaw is a reflected Cross-Site Scripting (XSS) vulnerability in the URL’s search parameter, allowing an unauthenticated attacker to inject and execute JavaScript and potentially ste...