Lucene search
+L

53 matches found

osv
osv
added 2017/11/16 1:46 a.m.19 views

GHSA-6494-V9FQ-FGQ2 Keystone is vulnerable to CSV injection

CSV Injection aka Excel Macro Injection or Formula Injection exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export...

8.8CVSS8.7AI score0.07217EPSS
Exploits4References5
cnvd
cnvd
added 2017/11/07 12:0 a.m.7 views

KeystoneJS Cross-Site Request Forgery Vulnerability

KeystoneJS is an open source framework for developing database-driven websites, applications and APIs. A security vulnerability exists in versions of KeystoneJS prior to 4.0.0-beta.7. An attacker can exploit the vulnerability to bypass cross-site request forgery protection and perform unauthorize...

8.8CVSS6.8AI score0.02213EPSS
Exploits2References1
prion
prion
added 2017/11/06 8:29 a.m.10 views

Cross site request forgery (csrf)

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

6.8CVSS8.6AI score0.02213EPSS
Exploits2References4Affected Software1
nvd
nvd
added 2017/11/06 8:29 a.m.30 views

CVE-2017-16570

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

8.8CVSS8.7AI score0.02213EPSS
Exploits2References4
osv
osv
added 2017/11/06 8:29 a.m.14 views

CVE-2017-16570

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

8.8CVSS6.8AI score
Exploits0References4
cvelist
cvelist
added 2017/11/06 8:0 a.m.33 views

CVE-2017-16570

KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7KEYJS03. In other words, it fails to reject requests that lack an x-csrf-token header...

8.8AI score0.02213EPSS
Exploits2References4
cve
cve
added 2017/11/06 8:0 a.m.66 views

CVE-2017-16570

KeystoneJS vulnerability CVE-2017-16570 affects KeystoneJS before 4.0.0-beta.7. The issue is a Cross-Site Request Forgery (CSRF) bypass where requests can bypass CSRF protection by removing the CSRF parameter/value, effectively not rejecting requests that lack an X-CSRF-Token header. Public detai...

8.8CVSS8.6AI score0.02213EPSS
Exploits2References4Affected Software1
exploitpack
exploitpack
added 2017/10/25 12:0 a.m.81 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform:...

4.3CVSS5.5AI score0.03415EPSS
Exploits5
cnvd
cnvd
added 2017/10/25 12:0 a.m.6 views

KeystoneJS Cross-Site Scripting Vulnerability (CNVD-2017-32889)

KeystoneJS is an open source framework for developing database-driven websites, applications and APIs. A cross-site scripting vulnerability exists in the fields/types/markdown/MarkdownType.js file in versions of KeystoneJS prior to 4.0.0-beta.7. A remote attacker can exploit this vulnerability to...

6.1CVSS5.6AI score0.03415EPSS
Exploits5References1
packetstorm
packetstorm
added 2017/10/25 12:0 a.m.42 views

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6AI score0.03415EPSS
Exploits5
exploitpack
exploitpack
added 2017/10/25 12:0 a.m.33 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...

6.8CVSS9AI score0.07217EPSS
Exploits4
zdt
zdt
added 2017/10/25 12:0 a.m.51 views

KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vulnerability

KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated CSV injection vulnerability in admin/server/api/download.js and lib/list/getCSVData.js Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contac...

6.8CVSS0.1AI score0.07217EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.63 views

KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

8.8CVSS8.8AI score0.07217EPSS
Exploits4
exploitdb
exploitdb
added 2017/10/25 12:0 a.m.48 views

KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15878 Vendor Description...

6.1CVSS5.6AI score0.03415EPSS
Exploits5
zdt
zdt
added 2017/10/25 12:0 a.m.55 views

KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting Vulnerability

Exploit for jsp platform in category web applications Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS...

4.3CVSS5.9AI score0.03415EPSS
Exploits5
cnvd
cnvd
added 2017/10/25 12:0 a.m.6 views

KeystoneJS Cross-Site Scripting Vulnerability (CNVD-2017-32888)

KeystoneJS is an open source framework for developing database-driven websites, applications and APIs. A cross-site scripting vulnerability exists in versions of KeystoneJS prior to 4.0.0-beta.7. A remote attacker can exploit the vulnerability to inject arbitrary web script or HTML with the help ...

4.8CVSS4.7AI score0.01215EPSS
Exploits0References1
packetstorm
packetstorm
added 2017/10/25 12:0 a.m.51 views

KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection

Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated CSV Injection Vendor Homepage: http://keystonejs.com/ Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: WEBAPPS Platform: Node.js CVE: CVE-2017-15879 Vendor...

8.7AI score0.07217EPSS
Exploits4
cnvd
cnvd
added 2017/10/25 12:0 a.m.8 views

KeystoneJS CSV Injection Vulnerability

KeystoneJS is a powerful Node.js content management system and web application framework built on express and mongoose . A CSV injection vulnerability exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS versions prior to 4.0.0-beta.7. A detailed vulnerability descripti...

8.8CVSS7.2AI score0.07217EPSS
Exploits4References1
nvd
nvd
added 2017/10/24 10:29 p.m.27 views

CVE-2017-15881

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...

4.8CVSS5.2AI score0.01215EPSS
Exploits0References4
prion
prion
added 2017/10/24 10:29 p.m.16 views

Cross site scripting

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878...

3.5CVSS5.2AI score0.03415EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder