CVE-2021-25985
Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 does not properly invalidate a user's session after the user logs out of the application. In addition, user sessions are stored in the browser's local storage, which by default does not have an expiration time. This makes it possible for an ...