@factor/plugin-forum/.../plugin-forum@1.6.3 vulnerabilities

Factor forum is a powerful forum solution for your factor app. This plugin comes with essential elements to run an efficient and professional community.

  • latest version

    1.8.28

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    4 years ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @factor/plugin-forum package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    @factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for @factor/plugin-forum.

    >=1.3.3
    • M
    Cross-site Scripting (XSS)

    @factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the tags and category parameters in the URL.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for @factor/plugin-forum.

    >=1.3.8
    • M
    Cross-site Scripting (XSS)

    @factor/plugin-forum is a powerful forum solution for a Factor app. This plugin comes with essential elements to run an efficient and professional community.

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies.

    How to fix Cross-site Scripting (XSS)?

    There is no fixed version for @factor/plugin-forum.

    >=1.3.5