Vulnerabilities > Darwin > Factor > 1.3.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-11-16 | CVE-2021-25984 | Cross-site Scripting vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. | 6.1 |
2021-11-16 | CVE-2021-25985 | Insufficient Session Expiration vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. | 9.8 |