Cross-site Scripting (XSS)

2017-10-2501:55:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.8%

JSON

keystone is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the fields/types/markdown/MarkdownType.js file because the markdown is not sanitized. This allows attackers to inject and execute arbitrary webscript.

CPENameOperatorVersion
keystonele4.0.0-beta.5

CPE	Name	Operator	Version
	keystone	le	4.0.0-beta.5

References

blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/

github.com/keystonejs/keystone/issues/4437

github.com/keystonejs/keystone/pull/4478

0.003 Low

EPSS

Percentile

71.8%

JSON

Related for VERACODE:5320