Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7gmr-tc7q-kyet
Vulnerability ID VCID-7gmr-tc7q-kyet
Aliases CVE-2017-15881
GHSA-7cv6-gvx3-m54m
Summary Cross-site Scripting Cross-Site Scripting vulnerability in KeystoneJS allows remote authenticated administrators to inject arbitrary web script or HTML via the `content brief` or `content extended` field.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00466 https://api.first.org/data/v1/epss?cve=CVE-2017-15881
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-7cv6-gvx3-m54m
Reference id Reference type URL
http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
https://api.first.org/data/v1/epss?cve=CVE-2017-15881
https://github.com/keystonejs/keystone/issues/4437
https://github.com/keystonejs/keystone/pull/4478
https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
https://www.npmjs.com/advisories/981
http://www.securityfocus.com/bid/101541
CVE-2017-15881 https://nvd.nist.gov/vuln/detail/CVE-2017-15881
GHSA-7cv6-gvx3-m54m https://github.com/advisories/GHSA-7cv6-gvx3-m54m
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.64702
EPSS Score 0.00466
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:53:12.340080+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/keystone/CVE-2017-15881.yml 38.6.0