Vulnerability Details CVE-2021-25983
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 81.3%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- https://github.com/FactorJS/factor/blob/v1.8.30/%40plugins/plugin-forum/topic-list.vue#L141-L143
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25983
- https://github.com/FactorJS/factor/blob/v1.8.30/%40plugins/plugin-forum/topic-list.vue#L141-L143
- https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25983
Products affected by CVE-2021-25983
-
cpe:2.3:a:darwin:factor:1.3.10
-
cpe:2.3:a:darwin:factor:1.3.11
-
cpe:2.3:a:darwin:factor:1.3.12
-
cpe:2.3:a:darwin:factor:1.3.8
-
cpe:2.3:a:darwin:factor:1.3.9
-
cpe:2.3:a:darwin:factor:1.4.0
-
cpe:2.3:a:darwin:factor:1.4.1
-
cpe:2.3:a:darwin:factor:1.4.10
-
cpe:2.3:a:darwin:factor:1.4.11
-
cpe:2.3:a:darwin:factor:1.4.2
-
cpe:2.3:a:darwin:factor:1.4.3
-
cpe:2.3:a:darwin:factor:1.4.4
-
cpe:2.3:a:darwin:factor:1.4.5
-
cpe:2.3:a:darwin:factor:1.4.6
-
cpe:2.3:a:darwin:factor:1.4.7
-
cpe:2.3:a:darwin:factor:1.4.8
-
cpe:2.3:a:darwin:factor:1.4.9
-
cpe:2.3:a:darwin:factor:1.5.0
-
cpe:2.3:a:darwin:factor:1.5.1
-
cpe:2.3:a:darwin:factor:1.5.10
-
cpe:2.3:a:darwin:factor:1.5.11
-
cpe:2.3:a:darwin:factor:1.5.12
-
cpe:2.3:a:darwin:factor:1.5.13
-
cpe:2.3:a:darwin:factor:1.5.14
-
cpe:2.3:a:darwin:factor:1.5.15
-
cpe:2.3:a:darwin:factor:1.5.16
-
cpe:2.3:a:darwin:factor:1.5.17
-
cpe:2.3:a:darwin:factor:1.5.18
-
cpe:2.3:a:darwin:factor:1.5.19
-
cpe:2.3:a:darwin:factor:1.5.2
-
cpe:2.3:a:darwin:factor:1.5.20
-
cpe:2.3:a:darwin:factor:1.5.21
-
cpe:2.3:a:darwin:factor:1.5.22
-
cpe:2.3:a:darwin:factor:1.5.23
-
cpe:2.3:a:darwin:factor:1.5.24
-
cpe:2.3:a:darwin:factor:1.5.25
-
cpe:2.3:a:darwin:factor:1.5.26
-
cpe:2.3:a:darwin:factor:1.5.27
-
cpe:2.3:a:darwin:factor:1.5.28
-
cpe:2.3:a:darwin:factor:1.5.29
-
cpe:2.3:a:darwin:factor:1.5.3
-
cpe:2.3:a:darwin:factor:1.5.30
-
cpe:2.3:a:darwin:factor:1.5.4
-
cpe:2.3:a:darwin:factor:1.5.5
-
cpe:2.3:a:darwin:factor:1.5.6
-
cpe:2.3:a:darwin:factor:1.5.7
-
cpe:2.3:a:darwin:factor:1.5.8
-
cpe:2.3:a:darwin:factor:1.5.9
-
cpe:2.3:a:darwin:factor:1.6.0
-
cpe:2.3:a:darwin:factor:1.6.1
-
cpe:2.3:a:darwin:factor:1.6.2
-
cpe:2.3:a:darwin:factor:1.6.3
-
cpe:2.3:a:darwin:factor:1.7.0
-
cpe:2.3:a:darwin:factor:1.7.1
-
cpe:2.3:a:darwin:factor:1.7.10
-
cpe:2.3:a:darwin:factor:1.7.2
-
cpe:2.3:a:darwin:factor:1.7.3
-
cpe:2.3:a:darwin:factor:1.7.4
-
cpe:2.3:a:darwin:factor:1.7.5
-
cpe:2.3:a:darwin:factor:1.7.6
-
cpe:2.3:a:darwin:factor:1.7.7
-
cpe:2.3:a:darwin:factor:1.7.8
-
cpe:2.3:a:darwin:factor:1.7.9
-
cpe:2.3:a:darwin:factor:1.8.0
-
cpe:2.3:a:darwin:factor:1.8.1
-
cpe:2.3:a:darwin:factor:1.8.10
-
cpe:2.3:a:darwin:factor:1.8.11
-
cpe:2.3:a:darwin:factor:1.8.12
-
cpe:2.3:a:darwin:factor:1.8.13
-
cpe:2.3:a:darwin:factor:1.8.14
-
cpe:2.3:a:darwin:factor:1.8.15
-
cpe:2.3:a:darwin:factor:1.8.16
-
cpe:2.3:a:darwin:factor:1.8.17
-
cpe:2.3:a:darwin:factor:1.8.18
-
cpe:2.3:a:darwin:factor:1.8.19
-
cpe:2.3:a:darwin:factor:1.8.2
-
cpe:2.3:a:darwin:factor:1.8.20
-
cpe:2.3:a:darwin:factor:1.8.21
-
cpe:2.3:a:darwin:factor:1.8.22
-
cpe:2.3:a:darwin:factor:1.8.23
-
cpe:2.3:a:darwin:factor:1.8.24
-
cpe:2.3:a:darwin:factor:1.8.25
-
cpe:2.3:a:darwin:factor:1.8.26
-
cpe:2.3:a:darwin:factor:1.8.27
-
cpe:2.3:a:darwin:factor:1.8.28
-
cpe:2.3:a:darwin:factor:1.8.29
-
cpe:2.3:a:darwin:factor:1.8.3
-
cpe:2.3:a:darwin:factor:1.8.30
-
cpe:2.3:a:darwin:factor:1.8.4
-
cpe:2.3:a:darwin:factor:1.8.5
-
cpe:2.3:a:darwin:factor:1.8.6
-
cpe:2.3:a:darwin:factor:1.8.7
-
cpe:2.3:a:darwin:factor:1.8.8
-
cpe:2.3:a:darwin:factor:1.8.9