PT-2017-14257 · Keystonejs · Keystonejs
Ishaq Mohammed · Published 2017-10-24 · Updated 2017-11-15 · CVE-2017-15878
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
KeystoneJS versions prior to 4.0.0
Description
A cross-site scripting (XSS) issue exists due to the failure to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. This leads to the execution of arbitrary JavaScript in an admin's browser when they open a new inquiry.
Recommendations
Update to version 4.0.0 or later.
Affected Products
Keystonejs