VulnerableCode Package Details - pkg:npm/keystone@4.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-7gmr-tc7q-kyet Aliases: CVE-2017-15881 GHSA-7cv6-gvx3-m54m	Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.	4.1.0 Affected by 0 other vulnerabilities.
VCID-h4bk-wxrm-sud1 Aliases: CVE-2017-15879 GHSA-6494-v9fq-fgq2	Improper Input Validation CSV Injection via a value that is mishandled in a CSV export.	4.1.0 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-7gmr-tc7q-kyet
Aliases:
CVE-2017-15881
GHSA-7cv6-gvx3-m54m

Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.

4.1.0
Affected by 0 other vulnerabilities.

VCID-h4bk-wxrm-sud1
Aliases:
CVE-2017-15879
GHSA-6494-v9fq-fgq2

Improper Input Validation CSV Injection via a value that is mishandled in a CSV export.

4.1.0
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2f9m-25qd-cbf4	Cross-Site Scripting in keystone	GHSA-h29r-4vqp-8jxf
VCID-jdyf-4pb7-t3gd	Cross-site Scripting Possible Cross-site scripting via the "Contact Us feature".	CVE-2017-15878 GHSA-7qcx-jmrc-h2rr
VCID-ydn2-kvx6-cycy	Cross-Site Request Forgery (CSRF) KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.	CVE-2017-16570 GHSA-q43c-g2g7-6gxj

Vulnerability

Summary

Aliases

VCID-2f9m-25qd-cbf4

Cross-Site Scripting in keystone

GHSA-h29r-4vqp-8jxf

VCID-jdyf-4pb7-t3gd

Cross-site Scripting Possible Cross-site scripting via the "Contact Us feature".

CVE-2017-15878
GHSA-7qcx-jmrc-h2rr

VCID-ydn2-kvx6-cycy

Cross-Site Request Forgery (CSRF) KeystoneJS allows application-wide CSRF bypass by removing the CSRF parameter and value.

CVE-2017-16570
GHSA-q43c-g2g7-6gxj

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T11:10:10.236829+00:00	GithubOSV Importer	Fixing	VCID-2f9m-25qd-cbf4	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-h29r-4vqp-8jxf/GHSA-h29r-4vqp-8jxf.json	38.6.0
2026-05-31T10:58:37.794497+00:00	GithubOSV Importer	Fixing	VCID-jdyf-4pb7-t3gd	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2017/11/GHSA-7qcx-jmrc-h2rr/GHSA-7qcx-jmrc-h2rr.json	38.6.0
2026-05-31T00:53:04.021211+00:00	GHSA Importer	Fixing	VCID-2f9m-25qd-cbf4	https://github.com/advisories/GHSA-h29r-4vqp-8jxf	38.6.0
2026-05-31T00:50:06.721461+00:00	GHSA Importer	Fixing	VCID-jdyf-4pb7-t3gd	https://github.com/advisories/GHSA-7qcx-jmrc-h2rr	38.6.0
2026-05-30T20:53:13.502501+00:00	GitLab Importer	Fixing	VCID-ydn2-kvx6-cycy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-16570.yml	38.6.0
2026-05-30T20:53:12.360636+00:00	GitLab Importer	Affected by	VCID-7gmr-tc7q-kyet	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15881.yml	38.6.0
2026-05-30T20:53:10.812430+00:00	GitLab Importer	Fixing	VCID-jdyf-4pb7-t3gd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15878.yml	38.6.0
2026-05-30T20:53:09.335172+00:00	GitLab Importer	Affected by	VCID-h4bk-wxrm-sud1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15879.yml	38.6.0