Cross-Site Scripting Vulnerability in KeystoneJS by KeystoneJS
CVE-2017-15881
4.8MEDIUM
What is CVE-2017-15881?
The KeystoneJS framework prior to version 4.0.0-beta.7 is susceptible to a Cross-Site Scripting vulnerability that enables authenticated administrators to inject arbitrary scripts or HTML through the 'content brief' or 'content extended' fields. This vulnerability presents serious security risks as it could lead to execution of malicious scripts in users' browsers, compromising sensitive data and website integrity.