Cross-Site Scripting Vulnerability in KeystoneJS by Thinkmill

CVE-2017-15878

What is CVE-2017-15878?

A cross-site scripting (XSS) vulnerability was identified in KeystoneJS, specifically in the Contact Us feature, which could allow attackers to inject malicious scripts. This occurs due to inadequate input validation in the MarkdownType.js file, enabling unauthorized users to execute harmful scripts within users' browsers. Such exploitation could lead to data theft, session hijacking, or other malicious activities. It is recommended that users of KeystoneJS update to version 4.0.0-beta.7 or later to mitigate this security risk.

References