EPSS Percentile: 50.3%
keystone is vulnerable to cross-site scripting (XSS) attacks. Authenticated administrators can leverage the lack of sanitization in the content brief and content extended fields to inject and execute arbitrary web script.
blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
www.securityfocus.com/bid/101541
github.com/keystonejs/keystone/issues/4437
github.com/keystonejs/keystone/pull/4478
www.npmjs.com/advisories/981