Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keystonejs keystone 4.0.0 vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2017-16570
KeystoneJS prior to 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
Keystonejs Keystone
1 EDB exploit
312
VMScore
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS prior to 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
Keystonejs Keystone
Keystonejs Keystone 4.0.0
685
VMScore
CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS prior to 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Keystonejs Keystone
1 EDB exploit
435
VMScore
CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS prior to 4.0.0-beta.7 via the Contact Us feature.
Keystonejs Keystone
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started