@factor/plugin-forum/.../plugin-forum@1.5.0 vulnerabilities
Factor forum is a powerful forum solution for your factor app. This plugin comes with essential elements to run an efficient and professional community.
latest version
1.8.28
latest non vulnerable version
first published
4 years ago
latest version published
4 years ago
licenses detected
- >=1.1.42 <1.8.28
Direct Vulnerabilities
Known vulnerabilities in the @factor/plugin-forum package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. How to fix Cross-site Scripting (XSS)? There is no fixed version for | >=1.3.3 |
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? There is no fixed version for | >=1.3.8 |
@factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. How to fix Cross-site Scripting (XSS)? There is no fixed version for | >=1.3.5 |