CVE-2021-25983

In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:darwin:factor:*:*:*:*:*:node.js:*:*

Information

Published : 2021-11-16 02:15

Updated : 2021-11-17 09:46


NVD link : CVE-2021-25983

Mitre link : CVE-2021-25983


JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa

Products Affected

darwin

  • factor