Vulnerabilities > Darwin > Factor > 1.8.20
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-16 | CVE-2021-25982 | Cross-site Scripting vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. | 6.1 |
| 2021-11-16 | CVE-2021-25983 | Cross-site Scripting vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. | 6.1 |
| 2021-11-16 | CVE-2021-25984 | Cross-site Scripting vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. | 6.1 |
| 2021-11-16 | CVE-2021-25985 | Insufficient Session Expiration vulnerability in Darwin Factor In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. | 9.8 |