@factor/plugin-forum@1.3.8 vulnerabilities

Factor forum is a powerful forum solution for your factor app. This plugin comes with essential elements to run an efficient and professional community.

Direct Vulnerabilities

Known vulnerabilities in the @factor/plugin-forum package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Cross-site Scripting (XSS)

@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for @factor/plugin-forum.

>=1.3.3
  • M
Cross-site Scripting (XSS)

@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tags and category parameters in the URL.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for @factor/plugin-forum.

>=1.3.8
  • M
Cross-site Scripting (XSS)

@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for @factor/plugin-forum.

>=1.3.5