CVE-2021-25982

Name of the Vulnerable Software and Affected Versions Factor (App Framework & Headless CMS) forum plugin versions 1.3.5 through 1.8.30

Description The issue allows an unauthenticated attacker to execute malicious JavaScript code and steal session cookies through reflected Cross-Site Scripting (XSS) at the search parameter in the URL.

Recommendations For versions 1.3.5 through 1.8.30, consider restricting access to the search parameter in the URL to minimize the risk of exploitation. As a temporary workaround, avoid using the search parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.