High severityNVD Advisory· Published Jan 11, 2022· Updated Aug 2, 2024
Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
CVE-2022-0087
Description
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@keystone-6/authnpm | < 1.0.2 | 1.0.2 |
@keystone-next/authnpm | <= 37.0.0 | — |
Affected products
3- ghsa-coords2 versions
< 1.0.2+ 1 more
- (no CPE)range: < 1.0.2
- (no CPE)range: <= 37.0.0
- Range: unspecified
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-hrgx-7j6v-xj82ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-0087ghsaADVISORY
- github.com/keystonejs/keystone/commit/96bf833a23b1a0a5d365cf394467a943cc481b38ghsax_refsource_MISCWEB
- github.com/keystonejs/keystone/security/advisories/GHSA-hrgx-7j6v-xj82ghsaWEB
- huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a965942f413eghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.