Описание
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
Ссылки
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
- Issue TrackingThird Party Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.3.22 (включая)
Одно из
cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:-:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:beta1:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:beta2:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:beta3:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:beta4:*:*:*:node.js:*:*
cpe:2.3:a:keystonejs:keystone:4.0.0:beta5:*:*:*:node.js:*:*
EPSS
Процентиль: 64%
0.00466
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
EPSS
Процентиль: 64%
0.00466
Низкий
4.8 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79