CVE-2021-25983

Name of the Vulnerable Software and Affected Versions Factor (App Framework & Headless CMS) forum plugin versions v1.3.8 through v1.8.30

Description The issue allows an unauthenticated attacker to execute malicious JavaScript code due to reflected Cross-Site Scripting (XSS) at the tags and category parameters in the URL, potentially leading to session cookie theft.

Recommendations For versions v1.3.8 through v1.8.30, as a temporary workaround, consider restricting access to the tags and category parameters in the URL until a patch is available. Avoid using these parameters in URLs to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.