Lucene search
K

4 matches found

Packet Storm
Packet Storm
added 2017/10/25 12:0 a.m.42 views

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6AI score0.03415EPSS
Exploits5
exploitpack
exploitpack
added 2017/10/25 12:0 a.m.80 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform:...

4.3CVSS5.5AI score0.03415EPSS
Exploits5
Exploit DB
Exploit DB
added 2017/10/25 12:0 a.m.45 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6.1CVSS5.6AI score0.03415EPSS
Exploits5
CVE
CVE
added 2017/10/24 9:0 p.m.79 views

CVE-2017-15878

KeystoneJS prior to 4.0.0-beta.7 contains a cross-site scripting (XSS) flaw in fields/types/markdown/MarkdownType.js exposed via the Contact Us feature. Multiple sources (GHSA entry and exploit reports) describe this as an unauthenticated or remote-exploit path that can deliver arbitrary JavaScri...

6.1CVSS5.2AI score0.03415EPSS
Exploits5References5Affected Software1
Rows per page
Query Builder