CVE-2026-44667

Name of the Vulnerable Software and Affected Versions FACTION versions prior to 1.8.3

Description Stored cross-site scripting (XSS) occurs via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and rendered into HTML and attribute contexts without output encoding, allowing attacker-controlled JavaScript to execute in the browser of any user who opens the affected verification or remediation views. Since the payload is stored server-side, the execution is persistent and can impact privileged accounts.

Recommendations Update to version 1.8.3.