@factor/plugin-forum@1.3.8 vulnerabilities
Factor forum is a powerful forum solution for your factor app. This plugin comes with essential elements to run an efficient and professional community.
-
latest version
1.8.28
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
4 years ago
-
licenses detected
- >=1.1.42 <1.8.28
Direct Vulnerabilities
Known vulnerabilities in the @factor/plugin-forum package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=1.3.3
|
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=1.3.8
|
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. How to fix Cross-site Scripting (XSS)? There is no fixed version for |
>=1.3.5
|