The forum plugin of Factor (App Framework & Headless CMS), versions v1.3.8 to v1.8.30, is vulnerable to reflected Cross-Site Scripting (XSS) via the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal session cookies.
MITRE Information
Status: PUBLISHED
Assigner: Mend
Published: 2021-11-16T09:45:16
Updated: 2021-11-16T09:45:16
Reserved: 2021-01-22T00:00:00
Link: CVE-2021-25983
NVD Information
Status: Modified
Published: 2021-11-16T10:15:07.057
Modified: 2023-11-07T03:31:32.900
Link: CVE-2021-25983