CVSS: 6.1EPSS: 4%CPEs: 1EXPL: 3CVE-2017-15878 – KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-15878
24 Oct 2017 — A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. Existe una vulnerabilidad de Cross-Site Scripting (XSS) en fields/types/markdown/MarkdownType.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante la característica Contact Us. KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated stored cross site scripting vulnerability. • https://packetstorm.news/files/id/144756 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 10%CPEs: 1EXPL: 2CVE-2017-15879 – KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection
https://notcve.org/view.php?id=CVE-2017-15879
24 Oct 2017 — CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. Existe inyección de CSV (también conocido como Excel Macro Injection or Formula Injection) en admin/server/api/download.js y lib/list/getCSVData.js en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 mediante un valor que no se gestiona de manera correcta en una exportación de CSV. KeystoneJS ver... • https://packetstorm.news/files/id/144755 • CWE-20: Improper Input Validation •