Vulnerabilities for 'Keystone'

2017-10-24
 
CVE-2017-15881

CWE-79
 

 
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.

 
 
CVE-2017-15879

CWE-20
 

 
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.

 


Copyright 2019, cxsecurity.com

 
