Unknown · Firmware Analysis/Comparison Tool · CVE-2020-11499
**Name of the Vulnerable Software and Affected Versions**
Firmware Analysis and Comparison Tool (FACT) version 3
**Description**
The issue is a stored XSS vulnerability that occurs when analysis details are updated via a localhost web request. It is caused by mishandling of the `tags` and `version` fields in `helperFunctions/mongo_task_conversion.py`.
**Recommendations**
For Firmware Analysis and Comparison Tool (FACT) version 3, consider restricting access to the `helperFunctions/mongo_task_conversion.py` file until a patch is available. As a temporary workaround, avoid using the `tags` and `version` fields in the affected API endpoint until the issue is resolved.
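
The following added example (not FACT's own code and not part of the advisory) shows the two controls that address this class of bug for the `tags` and `version` fields: allow-list validation before the values are stored, and HTML encoding when they are rendered. The function names, the accepted formats and the comma-separated tag input are assumptions made for the illustration.

```python
import html
import re

# Assumed allow-lists for this illustration; FACT's real accepted formats may differ.
VERSION_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+\-]{0,63}")
TAG_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_\-]{0,31}")


def convert_analysis_task(form: dict) -> dict:
    """Validate the 'version' and 'tags' form fields before they are stored.

    Hypothetical stand-in for the conversion step; raises ValueError on
    anything outside the allow-lists instead of trying to clean it up.
    """
    version = form.get("version", "").strip()
    if not VERSION_RE.fullmatch(version):
        raise ValueError("invalid version")
    # Tags are assumed to arrive as one comma-separated string; empty entries are dropped.
    tags = [t.strip() for t in form.get("tags", "").split(",") if t.strip()]
    for tag in tags:
        if not TAG_RE.fullmatch(tag):
            raise ValueError("invalid tag")
    return {"version": version, "tags": tags}


def render_details(record: dict) -> str:
    """Render a stored record as HTML, encoding every value at output time.

    Escaping here protects the page even for records that were stored
    before validation was introduced.
    """
    version = html.escape(str(record.get("version", "")), quote=True)
    tags = "".join(
        f'<span class="tag">{html.escape(str(t), quote=True)}</span>'
        for t in record.get("tags", [])
    )
    return f"<p>Version: {version}</p><p>Tags: {tags}</p>"


# Constructed sample inputs: one benign form, one stored record carrying markup.
BENIGN_FORM = {"version": "1.2.3-rc1", "tags": "router, vendor_x"}
LEGACY_RECORD = {"version": "<b>1.0</b>", "tags": ['"><i>t</i>']}

if __name__ == "__main__":
    print(render_details(convert_analysis_task(BENIGN_FORM)))
    print(render_details(LEGACY_RECORD))
```

Validation alone does not cover records already in the database, which is why the render step encodes values regardless of how they were stored.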