7 matches found
CVE-2023-40027
Keystone (Node.js) vulnerability CVE-2023-40027: When ui.isAccessAllowed is undefined, the adminMeta GraphQL query is publicly accessible without a session, potentially exposing admin metadata. Affected users are those relying on a session strategy to restrict access; developers using @keystone-6...
CVE-2022-0087
Keystone 6 login page vulnerability (CVE-2022-0087) involves an open redirect via the from= URL parameter, which can be escalated to reflected XSS. The issue is highlighted in the Nuclei template for Keystone 6 Login Page, describing an open redirect and potential XSS on the authentication flow. ...
CVE-2025-46720
Keystone (Node.js CMS) prior to 6.5.0 has an Access Control Bypass in update/delete mutations: when a where clause uses multiple unique filters, the isFilterable check can be bypassed, enabling inference of hidden field values. The issue is patched in @keystone-6/core v6.5.0. Mitigations from the...
CVE-2017-15878
KeystoneJS prior to 4.0.0-beta.7 contains a cross-site scripting (XSS) flaw in fields/types/markdown/MarkdownType.js exposed via the Contact Us feature. Multiple sources (GHSA entry and exploit reports) describe this as an unauthenticated or remote-exploit path that can deliver arbitrary JavaScri...
CVE-2017-16570
KeystoneJS vulnerability CVE-2017-16570 affects KeystoneJS before 4.0.0-beta.7. The issue is a Cross-Site Request Forgery (CSRF) bypass where requests can bypass CSRF protection by removing the CSRF parameter/value, effectively not rejecting requests that lack an X-CSRF-Token header. Public detai...
CVE-2015-9240
CVE-2015-9240 affects the keystone node module prior to 0.3.16. The vulnerability is a partial authentication bypass in the default sign-in flow: if an attacker provides a full and correct password but only a partial email address, authentication can be granted. Affected component is the keystone...
CVE-2026-33326
Summary: Keystone 6 core prior to 6.5.2 had a bypass in isFilterable for findMany via the cursor parameter, allowing potential disclosure by confirming protected field values. The root cause is that the cursor input type reused UniqueWhere checks not patched by the previous fix for CVE-2025-46720...