Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
keystonejs keystone 4.0.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-16570
KeystoneJS prior to 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. In other words, it fails to reject requests that lack an x-csrf-token header.
Keystonejs Keystone
1 EDB exploit
4.8
CVSSv3
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS prior to 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
Keystonejs Keystone
Keystonejs Keystone 4.0.0
6.1
CVSSv3
CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS prior to 4.0.0-beta.7 via the Contact Us feature.
Keystonejs Keystone
1 EDB exploit
8.8
CVSSv3
CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS prior to 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Keystonejs Keystone
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started