Vulnerabilities > Keystonejs > Keystone > 0.2.24

DATE CVE VULNERABILITY TITLE RISK
2023-08-15 CVE-2023-40027 Missing Authorization vulnerability in Keystonejs Keystone
Keystone is an open source headless CMS for Node.js — built with GraphQL and React.
network
low complexity
keystonejs CWE-862
5.3
2023-06-13 CVE-2023-34247 Open Redirect vulnerability in Keystonejs Keystone
Keystone is a content management system for Node.js.
network
low complexity
keystonejs CWE-601
4.1
2022-01-12 CVE-2022-0087 Cross-site Scripting vulnerability in Keystonejs Keystone
Keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
network
keystonejs CWE-79
4.3
2018-05-29 CVE-2015-9240 Credentials Management vulnerability in Keystonejs Keystone
Due to a bug in the default sign-in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched.
network
low complexity
keystonejs CWE-255
5.0
2017-10-24 CVE-2017-15881 Cross-site Scripting vulnerability in Keystonejs Keystone
Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878.
network
keystonejs CWE-79
3.5