Vulnerabilities > Keystonejs

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-40027 Unspecified vulnerability in Keystonejs Keystone
Keystone is an open source headless CMS for Node.js — built with GraphQL and React.
network
low complexity
keystonejs
5.3
2023-06-13 CVE-2023-34247 Unspecified vulnerability in Keystonejs Keystone
Keystone is a content management system for Node.JS.
network
low complexity
keystonejs
4.1
2022-11-03 CVE-2022-39382 Injection vulnerability in Keystonejs Keystone 3.0.0/3.0.1
Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/[email protected] || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of what your environment variables.
network
low complexity
keystonejs CWE-74
critical
9.8
2022-10-25 CVE-2022-39322 Incorrect Authorization vulnerability in Keystonejs Keystone 2.2.0/2.3.0
@keystone-6/core is a core package for Keystone 6, a content management system for Node.js.
network
low complexity
keystonejs CWE-863
critical
9.8
2022-05-16 CVE-2022-29354 Unrestricted Upload of File with Dangerous Type vulnerability in Keystonejs Keystone 4.2.1
An arbitrary file upload vulnerability in the file upload module of Keystone v4.2.1 allows attackers to execute arbitrary code via a crafted file.
network
low complexity
keystonejs CWE-434
critical
9.8
2022-01-12 CVE-2022-0087 Unspecified vulnerability in Keystonejs Keystone
keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
network
low complexity
keystonejs
6.1
2021-05-24 CVE-2021-32624 Information Exposure vulnerability in Keystonejs Keystone-5
Keystone 5 is an open source CMS platform to build Node.js applications.
network
high complexity
keystonejs CWE-200
5.3
2018-05-29 CVE-2015-9240 Credentials Management vulnerability in Keystonejs Keystone
Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched.
network
low complexity
keystonejs CWE-255
7.5
2017-11-06 CVE-2017-16570 Cross-Site Request Forgery (CSRF) vulnerability in Keystonejs Keystone
KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03.
network
low complexity
keystonejs CWE-352
8.8
2017-10-24 CVE-2017-15881 Cross-site Scripting vulnerability in Keystonejs Keystone
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
network
low complexity
keystonejs CWE-79
4.8