Cross-Site Scripting vulnerability in KeystoneJS prior to 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
keystonejs keystone |
||
keystonejs keystone 4.0.0 |