Vulnerabilities > Darwin

DATE CVE VULNERABILITY TITLE RISK
2021-11-16 CVE-2021-25982 Cross-site Scripting vulnerability in Darwin Factor
In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL.
network
low complexity
darwin CWE-79
6.1
6.1
2021-11-16 CVE-2021-25983 Cross-site Scripting vulnerability in Darwin Factor
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL.
network
low complexity
darwin CWE-79
6.1
6.1
2021-11-16 CVE-2021-25984 Cross-site Scripting vulnerability in Darwin Factor
In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section.
network
low complexity
darwin CWE-79
6.1
6.1
2021-11-16 CVE-2021-25985 Insufficient Session Expiration vulnerability in Darwin Factor
In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application.
network
low complexity
darwin CWE-613
critical
 9.8
9.8
2008-03-04 CVE-2008-1148 A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) DNS transaction IDs or (2) IP fragmentation IDs by observing a sequence of previously generated values. 6.8
6.8
2008-03-04 CVE-2008-1146 A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka "Algorithm X3"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. 6.8
6.8