keystone is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the fields/types/markdown/MarkdownType.js
file because the markdown is not sanitized. This allows attackers to inject and execute arbitrary webscript.
CPE | Name | Operator | Version |
---|---|---|---|
keystone | le | 4.0.0-beta.5 |