FACTION, a penetration testing report generation and collaboration framework, contains a stored cross-site scripting (XSS) vulnerability in versions prior to 1.8.3. The flaw exists in assessment file preview flows where user-supplied attachment filenames are persisted to the server and subsequently rendered into HTML and attribute contexts without proper output encoding. Because the malicious payload is s [truncated]
FACTION PenTesting Report Generation and Collaboration Framework versions prior to 1.8.3 contain a stored cross-site scripting (XSS) vulnerability in remediation verification file preview flows. User-supplied attachment filenames are persisted server-side and subsequently rendered into HTML and attribute contexts without proper output encoding. This allows attacker-controlled JavaScript to execute in brow [truncated]
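The pattern both descriptions name, a stored attachment filename rendered into HTML and attribute contexts without output encoding, is shown below beside an encoded form. This is an added example and not FACTION's code: the function names, the `/files/` URL shape, and the sample filename are assumptions constructed for illustration.

```javascript
// Added example; every name and the markup template here are hypothetical.

// Constructed sample: a stored attachment filename containing markup characters.
const storedFilename = 'scan" data-x="1"><b>results</b>.png';

// Vulnerable pattern: the persisted filename is concatenated into a quoted
// attribute value and into element content with no output encoding.
function renderPreviewUnsafe(fileId, filename) {
  return `<a href="/files/${fileId}" title="${filename}">${filename}</a>`;
}

// Output encoding that is safe for element content and quoted attribute values.
// A single pass over the input avoids double-encoding the '&' of earlier entities.
function encodeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at render time, for the context being written to.
function renderPreviewSafe(fileId, filename) {
  const id = encodeURIComponent(String(fileId)); // URL path segment context
  const name = encodeHtml(filename);             // attribute and body contexts
  return `<a href="/files/${id}" title="${name}">${name}</a>`;
}

// Regression check: the output must still be exactly one <a> element with the
// two intended attributes, i.e. the filename stayed data and added no markup.
function structureIntact(html) {
  return /^<a href="[^"<>]*" title="[^"<>]*">[^<>]*<\/a>$/.test(html);
}

console.log('unsafe intact:', structureIntact(renderPreviewUnsafe(42, storedFilename)));
console.log('safe intact:  ', structureIntact(renderPreviewSafe(42, storedFilename)));
```

Because the filename is stored, the encoding has to happen wherever it is rendered; a check like `structureIntact` can run in a test suite against each preview template with filenames containing `"`, `<`, `>`, `&` and `'`.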