VYPR
Medium severity4.8NVD Advisory· Published Oct 24, 2017· Updated Jun 17, 2026

CVE-2017-15881

CVE-2017-15881

Description

Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
keystonenpm
< 4.0.0-beta74.0.0-beta7

Affected products

8
  • cpe:2.3:a:keystonejs:keystone:4.0.0:beta1:*:*:*:node.js:*:*+ 6 more
    • cpe:2.3:a:keystonejs:keystone:4.0.0:beta1:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:4.0.0:beta2:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:4.0.0:beta3:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:4.0.0:beta4:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:4.0.0:beta5:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:4.0.0:-:*:*:*:node.js:*:*
    • cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*range: <=0.3.22
  • ghsa-coords
    Range: < 4.0.0-beta7

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.