PT-2017-14257 · Keystonejs · Keystonejs
Ishaq Mohammed · Published 2017-10-24 · Updated 2017-11-15 · CVE-2017-15878
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
KeystoneJS versions prior to 4.0.0
Description
A cross-site scripting (XSS) issue exists due to the failure to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. This leads to the execution of arbitrary JavaScript in an admin's browser when they open a new inquiry.
Recommendations
Update to version 4.0.0 or later.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Keystonejs