Vulnerability Description
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
CVSS Score
4.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Keystonejs | Keystone | <= 0.3.22 |
Related Weaknesses (CWE)
References
- http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/ (Issue Tracking, Third Party Advisory)
- http://www.securityfocus.com/bid/101541 (Third Party Advisory, VDB Entry)
- https://github.com/keystonejs/keystone/issues/4437 (Issue Tracking, Third Party Advisory)
- https://github.com/keystonejs/keystone/pull/4478 (Issue Tracking, Patch, Third Party Advisory)
FAQ
What is CVE-2017-15881?
CVE-2017-15881 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" fie...
How severe is CVE-2017-15881?
CVE-2017-15881 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-15881?
Check the references section above for vendor advisories and patch information. Affected products include: Keystonejs Keystone.