Moderate severity vulnerability that affects keystone

2017-11-16T01:47:02
ID GHSA-7CV6-GVX3-M54M
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:00

Description

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.