Vulnerabilities > Keystonejs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-29 | CVE-2015-9240 | Credentials Management vulnerability in Keystonejs Keystone Due to a bug in the the default sign in functionality in the keystone node module before 0.3.16, incomplete email addresses could be matched. | 7.5 |
| 2017-11-06 | CVE-2017-16570 | Cross-Site Request Forgery (CSRF) vulnerability in Keystonejs Keystone KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by removing the CSRF parameter and value, aka SecureLayer7 issue number SL7_KEYJS_03. | 8.8 |
| 2017-10-24 | CVE-2017-15879 | Improper Input Validation vulnerability in Keystonejs Keystone 4.0.0 CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export. | 8.8 |