VulnerableCode Package Details - pkg:npm/keystone@4.0.0-beta6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:npm/keystone@4.0.0-beta6

Essentials
History (1)

purl	pkg:npm/keystone@4.0.0-beta6
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-m9p7-836k-pqfb Aliases: CVE-2017-15881 GHSA-7cv6-gvx3-m54m	Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.	4.0.0-beta7 Affected by 0 other vulnerabilities. 4.1.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-m9p7-836k-pqfb
Aliases:
CVE-2017-15881
GHSA-7cv6-gvx3-m54m

Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.

4.0.0-beta7
Affected by 0 other vulnerabilities.

4.1.0
Affected by 1 other vulnerability.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:05:08.398491+00:00	GHSA Importer	Affected by	VCID-m9p7-836k-pqfb	https://github.com/advisories/GHSA-7cv6-gvx3-m54m	38.6.0