VYPR

Factor

by Factor

CVEs (3)

  • CVE-2021-25985HigNov 16, 2021
    risk 0.51cvss 7.8epss 0.01

    In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browser’s local storage, which by default does not have an expiration time. This…

  • CVE-2021-25983MedNov 16, 2021
    risk 0.40cvss 6.1epss 0.01

    In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the…

  • CVE-2021-25982MedNov 16, 2021
    risk 0.40cvss 6.1epss 0.01

    In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.