CVE-2026-44667— Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering
Possible ATT&CK Techniques 3AI
T1071 · Application Layer Protocol T1059 · Command and Scripting Interpreter T1189 · Drive-by CompromiseAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| factionsecurity | faction | < 1.8.3 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-44667
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering
Source: NVD (National Vulnerability Database)
Vulnerability Description
FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and attribute contexts without output encoding, allowing attacker-controlled JavaScript to execute in the browser of any user who opens the affected verification/remediation views. Because the payload is stored server-side and rendered to other users, exploitation is persistent and can impact privileged accounts. This vulnerability is fixed in 1.8.3.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| factionsecurity | faction | < 1.8.3 | - |
II. Public POCs for CVE-2026-44667
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
Qwen3.6-35B-A3B · 6965 chars
Paid plan includes:
In-depth vulnerability mechanism
Trigger conditions & impact
Full executable POC code
Exploit chain & mitigation
POC zip download
100+ AI POC generations per month
III. Intelligence Information for CVE-2026-44667
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-44667 (1)
Other References for CVE-2026-44667 (1)
Same Patch Batch · factionsecurity · 2026-05-26 · 3 CVEs total
| CVE-2026-44668 | 9.8 CRITICAL | Faction: Unauthenticated Read, Modify, and Delete of Boilerplate Templates |
| CVE-2026-44669 | 8.7 HIGH | Faction: Stored XSS in Assessment Attachment Filename Preview Rendering |
IV. Related Vulnerabilities
Same product: faction
Same vendor: factionsecurity
Same weakness: CWE-79
- CVE-2026-42877
FacturaScripts: Stored XSS via product reference in sales/pu - CVE-2026-42197
RELATE Vulnerable to Stored XSS via Unprivileged User Profil - CVE-2026-46426
Budibase: Unrestricted Upload of File with Dangerous Type - CVE-2026-48149
Budibase: Stored XSS in Text component: BASIC users execute - CVE-2026-49044
WordPress Advanced Custom Fields: Font Awesome Field plugin
V. Comments for CVE-2026-44667
No comments yet