53 matches found
CVE-2017-15881
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...
CVE-2017-15881
Technical details for CVE-2017-15881 are not publicly available in the provided documents. Monitor for updates.
CVE-2017-15878
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature...
Design/Logic Flaw
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
CVE-2017-15879
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...
Cross-site scripting
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature...
CVE-2017-15878
KeystoneJS prior to 4.0.0-beta.7 contains a cross-site scripting (XSS) flaw in fields/types/markdown/MarkdownType.js exposed via the Contact Us feature. Multiple sources (GHSA entry and exploit reports) describe this as an unauthenticated or remote-exploit path that can deliver arbitrary JavaScri...
CVE-2017-15879
CVE-2017-15879 affects KeystoneJS before 4.0.0-beta.7. The CSV injection vulnerability arises in the CSV export path via values mishandled in admin/server/api/download.js and lib/list/getCSVData.js, enabling Excel macro/formula injection. Documentation indicates the issue exists prior to version ...