Vulnerabilities > Keystonejs > Keystone > 4.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-15 | CVE-2023-40027 | Unspecified vulnerability in Keystonejs Keystone Keystone is an open source headless CMS for Node.js — built with GraphQL and React. | 5.3 |
| 2023-06-13 | CVE-2023-34247 | Unspecified vulnerability in Keystonejs Keystone Keystone is a content management system for Node.JS. | 4.1 |
| 2017-10-24 | CVE-2017-15881 | Cross-site Scripting vulnerability in Keystonejs Keystone Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. | 4.8 |
| 2017-10-24 | CVE-2017-15879 | Improper Input Validation vulnerability in Keystonejs Keystone 4.0.0 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | 8.8 |