Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
| Software | From | Fixed in |
|---|---|---|
| keystonejs / keystone | - | 0.3.22.x |
| keystonejs / keystone | 4.0.0 | 4.0.0.x |
| keystonejs / keystone | 4.0.0-beta1 | 4.0.0-beta1.x |
| keystonejs / keystone | 4.0.0-beta2 | 4.0.0-beta2.x |
| keystonejs / keystone | 4.0.0-beta3 | 4.0.0-beta3.x |
| keystonejs / keystone | 4.0.0-beta4 | 4.0.0-beta4.x |
| keystonejs / keystone | 4.0.0-beta5 | 4.0.0-beta5.x |
keystone
|
- | 4.0.0-beta7 |
- http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
- http://www.securityfocus.com/bid/101541
- https://github.com/keystonejs/keystone/issues/4437
- https://github.com/keystonejs/keystone/pull/4478
- https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
- https://www.npmjs.com/advisories/981