Vulnerabilities for 'Keystone'

2022-05-16
 
CVE-2022-29354

CWE-434
 

 
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.

 
2022-01-12
 
CVE-2022-0087

CWE-79
 

 
Keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').

 
2017-10-24
 
CVE-2017-15881

CWE-79
 

 
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.

 
 
CVE-2017-15879

CWE-20
 

 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.

 

Vendor: Keystonejs (2 products)
Keystone
Keystone-5


Copyright 2024, cxsecurity.com

 
