Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
CVE-2022-0087

7.1HIGH

Key Information:

Vendor

Keystonejs

Status
Keystonejs/keystone
Vendor
CVE Published:
12 January 2022

What is CVE-2022-0087?

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected Version(s)

keystonejs/keystone < unspecified

References

https://huntr.dev/bounties/c9d7374f-2cb9-4bac-9c90-a96594...
x_refsource_CONFIRM
https://github.com/keystonejs/keystone/commit/96bf833a23b...
x_refsource_MISC

EPSS Score

56% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

CVSS V3.0

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.