Browse all 4 CVE security advisories affecting FactorJS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FactorJS is a JavaScript framework for building web applications with a focus on simplicity and performance. Historically, it has been associated with vulnerabilities including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, primarily due to input validation flaws and insecure default configurations. The framework's lightweight nature and minimal abstraction can lead to security oversights if developers do not implement proper safeguards. While no major public security incidents have been widely reported, the four CVEs on record highlight recurring issues in input handling and access control. Organizations using FactorJS should prioritize regular updates and security reviews to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-25985 | FactorJS - Insufficient Session Expiration Leads to a Local Account Takeover — FactorCWE-613 | 7.8 | High | 2021-11-16 |
| CVE-2021-25984 | FactorJS - Stored Cross-Site Scripting (XSS) in Post Reply Functionality — FactorCWE-79 | 6.1 | Medium | 2021-11-16 |
| CVE-2021-25983 | FactorJS - Reflected Cross-Site Scripting (XSS) in Tags and Categories Functionality — FactorCWE-79 | 6.1 | Medium | 2021-11-16 |
| CVE-2021-25982 | FactorJS - Reflected Cross-Site Scripting (XSS) in Search Functionality — FactorCWE-79 | 6.1 | Medium | 2021-11-16 |
This page lists every published CVE security advisory associated with FactorJS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.