Darwin

Factor

4 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 1.39%
  • Published 16.11.2021 10:15:07
  • Last modified 21.11.2024 05:55:43

The Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal ...

  • EPSS 1.39%
  • Published 16.11.2021 10:15:07
  • Last modified 21.11.2024 05:55:43

The Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript...

  • EPSS 1.39%
  • Published 16.11.2021 10:15:07
  • Last modified 21.11.2024 05:55:43

The Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, is vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the sessio...

  • EPSS 0.17%
  • Published 16.11.2021 10:15:07
  • Last modified 21.11.2024 05:55:44

Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30 improperly invalidates a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have a...