NodeJS/keystone/4.0.0-beta.7
Web Application Framework and Admin GUI / Content Management System built on Express.js and Mongoose
https://www.npmjs.com/package/keystone
MIT
2 Security Vulnerabilities
Cross-Site Scripting in keystone
Published date: 2017-11-15T19:44:16Z
CVE: CVE-2017-15878
Links:
- https://nvd.nist.gov/vuln/detail/CVE-2017-15878
- https://github.com/advisories/GHSA-7qcx-jmrc-h2rr
- https://securelayer7.net/download/pdf/KeystoneJS-Pentest-Report-SecureLayer7.pdf
- https://www.npmjs.com/advisories/980
- https://github.com/keystonejs/keystone/pull/4478
- https://packetstormsecurity.com/files/144756/KeystoneJS-4.0.0-beta.5-Unauthenticated-Stored-Cross-Site-Scripting.html
- https://www.exploit-db.com/exploits/43054/
- http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/
- http://www.securityfocus.com/bid/101541
Versions of keystone prior to 4.0.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize user input on the Contact Us page, allowing attackers to submit contact forms with malicious JavaScript in the message field. The output is not properly encoded, so when an admin opens the new inquiry, the supplied JavaScript executes in the admin's browser.
Recommendation
Update to version 4.0.0 or later.
Affected versions:
["0.0.9", "0.0.10", "0.0.11", "0.0.12", "0.0.13", "0.0.14", "0.0.15", "0.0.16", "0.0.17", "0.0.18", "0.0.19", "0.0.20", "0.0.21", "0.0.22", "0.0.23", "0.0.24", "0.0.25", "0.0.26", "0.0.27", "0.0.28", "0.0.29", "0.0.30", "0.0.31", "0.0.32", "0.0.33", "0.0.34", "0.0.35", "0.0.36", "0.0.37", "0.0.38", "0.0.39", "0.0.40", "0.0.41", "0.0.42", "0.0.43", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.14", "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.1.20", "0.1.21", "0.1.22", "0.1.23", "0.1.24", "0.1.25", "0.1.26", "0.1.27", "0.1.28", "0.1.29", "0.1.30", "0.1.31", "0.1.32", "0.1.33", "0.1.34", "0.1.35", "0.1.36", "0.1.37", "0.1.38", "0.1.39", "0.1.40", "0.1.41", "0.1.42", "0.1.43", "0.1.44", "0.1.45", "0.1.46", "0.1.47", "0.1.48", "0.1.49", "0.1.50", "0.1.51", "0.1.52", "0.1.53", "0.1.54", "0.1.55", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.2.20", "0.2.21", "0.2.22", "0.2.23", "0.2.24", "0.2.25", "0.2.26", "0.2.27", "0.2.28", "0.2.29", "0.2.30", "0.2.31", "0.2.32", "0.2.33", "0.2.34", "0.2.35", "0.2.36", "0.2.37", "0.2.38", "0.2.39", "0.2.40", "0.2.41", "0.2.42", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.11", "0.3.12", "0.3.13", "0.3.14", "0.3.15", "0.3.16", "0.3.17", "0.3.18", "0.3.19", "0.3.20", "0.3.21", "0.3.22", "4.0.0-beta.1", "4.0.0-beta.2", "4.0.0-beta.3", "4.0.0-beta.4", "4.0.0-beta.5", "4.0.0-beta.7", "4.0.0-beta.8", "4.0.0-rc.0", "4.0.0-rc.1"]
Secure versions:
[4.0.0, 4.1.0, 4.1.1, 4.2.0, 4.2.1]
Recommendation:
Update to version 4.2.1.
Cross-Site Scripting in keystone
Published date: 2020-08-20T17:21:46Z
Withdrawn: Duplicate of GHSA-7qcx-jmrc-h2rr
Affected versions:
["0.0.9", "0.0.10", "0.0.11", "0.0.12", "0.0.13", "0.0.14", "0.0.15", "0.0.16", "0.0.17", "0.0.18", "0.0.19", "0.0.20", "0.0.21", "0.0.22", "0.0.23", "0.0.24", "0.0.25", "0.0.26", "0.0.27", "0.0.28", "0.0.29", "0.0.30", "0.0.31", "0.0.32", "0.0.33", "0.0.34", "0.0.35", "0.0.36", "0.0.37", "0.0.38", "0.0.39", "0.0.40", "0.0.41", "0.0.42", "0.0.43", "0.1.0", "0.1.1", "0.1.2", "0.1.3", "0.1.4", "0.1.5", "0.1.6", "0.1.7", "0.1.8", "0.1.9", "0.1.10", "0.1.11", "0.1.12", "0.1.13", "0.1.14", "0.1.15", "0.1.16", "0.1.17", "0.1.18", "0.1.19", "0.1.20", "0.1.21", "0.1.22", "0.1.23", "0.1.24", "0.1.25", "0.1.26", "0.1.27", "0.1.28", "0.1.29", "0.1.30", "0.1.31", "0.1.32", "0.1.33", "0.1.34", "0.1.35", "0.1.36", "0.1.37", "0.1.38", "0.1.39", "0.1.40", "0.1.41", "0.1.42", "0.1.43", "0.1.44", "0.1.45", "0.1.46", "0.1.47", "0.1.48", "0.1.49", "0.1.50", "0.1.51", "0.1.52", "0.1.53", "0.1.54", "0.1.55", "0.2.0", "0.2.1", "0.2.2", "0.2.3", "0.2.4", "0.2.5", "0.2.6", "0.2.7", "0.2.8", "0.2.9", "0.2.10", "0.2.11", "0.2.12", "0.2.13", "0.2.14", "0.2.15", "0.2.16", "0.2.17", "0.2.18", "0.2.19", "0.2.20", "0.2.21", "0.2.22", "0.2.23", "0.2.24", "0.2.25", "0.2.26", "0.2.27", "0.2.28", "0.2.29", "0.2.30", "0.2.31", "0.2.32", "0.2.33", "0.2.34", "0.2.35", "0.2.36", "0.2.37", "0.2.38", "0.2.39", "0.2.40", "0.2.41", "0.2.42", "0.3.0", "0.3.1", "0.3.2", "0.3.3", "0.3.4", "0.3.5", "0.3.6", "0.3.7", "0.3.8", "0.3.9", "0.3.10", "0.3.11", "0.3.12", "0.3.13", "0.3.14", "0.3.15", "0.3.16", "0.3.17", "0.3.18", "0.3.19", "0.3.20", "0.3.21", "0.3.22", "4.0.0-beta.1", "4.0.0-beta.2", "4.0.0-beta.3", "4.0.0-beta.4", "4.0.0-beta.5", "4.0.0-beta.7", "4.0.0-beta.8", "4.0.0-rc.0", "4.0.0-rc.1"]
Secure versions:
[4.0.0, 4.1.0, 4.1.1, 4.2.0, 4.2.1]
Recommendation:
Update to version 4.2.1.
171 Other Versions
Version | License | Security | Released | |
---|---|---|---|---|
4.2.1 | MIT | | 2019-07-15 - 12:56 | almost 5 years |
4.2.0 | MIT | | 2019-07-15 - 12:49 | almost 5 years |
4.1.1 | MIT | | 2019-06-23 - 12:57 | almost 5 years |
4.1.0 | MIT | | 2019-05-19 - 15:54 | almost 5 years |
4.0.0 | MIT | | 2018-07-25 - 08:31 | over 5 years |
4.0.0-rc.1 | MIT | 2 | 2018-07-06 - 07:57 | almost 6 years |
4.0.0-rc.0 | MIT | 2 | 2018-06-22 - 09:31 | almost 6 years |
4.0.0-beta.8 | MIT | 2 | 2018-01-22 - 13:00 | about 6 years |
4.0.0-beta.7 | MIT | 2 | 2017-10-23 - 06:45 | over 6 years |
4.0.0-beta.5 | MIT | 5 | 2017-01-25 - 06:08 | about 7 years |
4.0.0-beta.4 | MIT | 5 | 2016-12-02 - 02:11 | over 7 years |
4.0.0-beta.3 | MIT | 5 | 2016-09-25 - 10:56 | over 7 years |
4.0.0-beta.2 | MIT | 5 | 2016-09-06 - 02:25 | over 7 years |
4.0.0-beta.1 | MIT | 5 | 2016-08-25 - 07:54 | over 7 years |
0.3.22 | MIT | 5 | 2016-07-22 - 10:36 | over 7 years |
0.3.21 | MIT | 5 | 2016-06-19 - 11:44 | almost 8 years |
0.3.20 | MIT | 5 | 2016-06-17 - 11:45 | almost 8 years |
0.3.19 | MIT | 5 | 2016-05-04 - 15:09 | almost 8 years |
0.3.18 | MIT | 5 | 2016-04-27 - 06:59 | almost 8 years |
0.3.17 | MIT | 5 | 2016-03-23 - 09:04 | about 8 years |
0.3.16 | MIT | 5 | 2015-12-04 - 02:49 | over 8 years |
0.3.15 | MIT | 8 | 2015-10-15 - 00:28 | over 8 years |
0.3.14 | MIT | 8 | 2015-08-25 - 04:48 | over 8 years |
0.3.13 | MIT | 8 | 2015-08-03 - 11:36 | over 8 years |
0.3.12 | MIT | 8 | 2015-06-25 - 14:16 | almost 9 years |
0.3.11 | MIT | 8 | 2015-06-12 - 06:16 | almost 9 years |
0.3.10 | MIT | 8 | 2015-05-19 - 13:55 | almost 9 years |
0.3.9 | MIT | 8 | 2015-05-16 - 14:25 | almost 9 years |
0.3.8 | MIT | 8 | 2015-04-23 - 13:36 | almost 9 years |
0.3.7 | MIT | 8 | 2015-04-23 - 09:44 | almost 9 years |
0.3.6 | MIT | 8 | 2015-04-14 - 00:18 | about 9 years |
0.3.5 | MIT | 8 | 2015-04-12 - 10:52 | about 9 years |
0.3.4 | MIT | 8 | 2015-03-10 - 12:07 | about 9 years |
0.3.3 | MIT | 8 | 2015-03-08 - 12:17 | about 9 years |
0.3.2 | MIT | 8 | 2015-02-27 - 11:22 | about 9 years |
0.3.1 | MIT | 8 | 2015-02-13 - 11:37 | about 9 years |
0.3.0 | MIT | 8 | 2015-02-10 - 10:49 | about 9 years |
0.2.42 | MIT | 8 | 2015-01-20 - 03:47 | about 9 years |
0.2.41 | MIT | 8 | 2015-01-18 - 11:48 | over 9 years |
0.2.40 | MIT | 8 | 2014-12-31 - 04:26 | over 9 years |
0.2.39 | MIT | 8 | 2014-12-20 - 07:57 | over 9 years |
0.2.38 | MIT | 8 | 2014-12-19 - 07:52 | over 9 years |
0.2.37 | MIT | 8 | 2014-12-19 - 00:54 | over 9 years |
0.2.36 | MIT | 8 | 2014-12-07 - 04:51 | over 9 years |
0.2.35 | MIT | 8 | 2014-12-03 - 07:00 | over 9 years |
0.2.34 | MIT | 8 | 2014-11-29 - 10:14 | over 9 years |
0.2.33 | MIT | 8 | 2014-11-04 - 14:36 | over 9 years |
0.2.32 | MIT | 8 | 2014-10-16 - 11:08 | over 9 years |
0.2.31 | MIT | 8 | 2014-10-14 - 12:50 | over 9 years |
0.2.30 | MIT | 8 | 2014-10-02 - 12:17 | over 9 years |
0.2.29 | MIT | 8 | 2014-09-30 - 13:54 | over 9 years |
0.2.28 | MIT | 8 | 2014-09-12 - 11:42 | over 9 years |
0.2.27 | MIT | 8 | 2014-08-30 - 11:43 | over 9 years |
0.2.26 | MIT | 8 | 2014-08-14 - 04:03 | over 9 years |
0.2.25 | MIT | 8 | 2014-07-27 - 13:09 | over 9 years |
0.2.24 | MIT | 8 | 2014-07-25 - 07:10 | over 9 years |
0.2.23 | MIT | 8 | 2014-07-20 - 11:06 | almost 10 years |
0.2.22 | MIT | 8 | 2014-06-28 - 17:17 | almost 10 years |
0.2.21 | MIT | 8 | 2014-06-16 - 03:57 | almost 10 years |
0.2.20 | MIT | 8 | 2014-06-06 - 11:00 | almost 10 years |
0.2.19 | MIT | 8 | 2014-05-28 - 08:19 | almost 10 years |
0.2.18 | MIT | 8 | 2014-05-21 - 15:05 | almost 10 years |
0.2.17 | MIT | 8 | 2014-05-19 - 02:19 | almost 10 years |
0.2.16 | MIT | 8 | 2014-05-14 - 11:20 | almost 10 years |
0.2.15 | MIT | 8 | 2014-05-13 - 06:13 | almost 10 years |
0.2.14 | MIT | 8 | 2014-04-15 - 16:40 | about 10 years |
0.2.13 | MIT | 8 | 2014-04-03 - 14:31 | about 10 years |
0.2.12 | MIT | 8 | 2014-04-02 - 15:25 | about 10 years |
0.2.11 | MIT | 8 | 2014-04-02 - 11:30 | about 10 years |
0.2.10 | MIT | 8 | 2014-03-18 - 15:46 | about 10 years |
0.2.9 | MIT | 8 | 2014-03-18 - 12:42 | about 10 years |
0.2.8 | MIT | 8 | 2014-03-12 - 16:05 | about 10 years |
0.2.7 | MIT | 8 | 2014-03-11 - 08:31 | about 10 years |
0.2.6 | MIT | 8 | 2014-02-25 - 06:08 | about 10 years |
0.2.5 | MIT | 8 | 2014-02-17 - 15:56 | about 10 years |
0.2.4 | MIT | 8 | 2014-02-15 - 16:35 | about 10 years |
0.2.3 | MIT | 8 | 2014-02-10 - 15:10 | about 10 years |
0.2.2 | MIT | 8 | 2014-02-05 - 09:48 | about 10 years |
0.2.1 | MIT | 8 | 2014-02-04 - 06:16 | about 10 years |
0.2.0 | MIT | 8 | 2014-01-25 - 16:18 | about 10 years |
0.1.55 | MIT | 8 | 2013-12-30 - 03:45 | over 10 years |
0.1.54 | MIT | 8 | 2013-12-23 - 08:50 | over 10 years |
0.1.53 | MIT | 8 | 2013-12-22 - 14:29 | over 10 years |
0.1.52 | MIT | 8 | 2013-12-12 - 08:29 | over 10 years |
0.1.51 | MIT | 8 | 2013-12-10 - 17:08 | over 10 years |
0.1.50 | MIT | 8 | 2013-12-09 - 07:24 | over 10 years |
0.1.49 | MIT | 8 | 2013-12-04 - 06:52 | over 10 years |
0.1.48 | MIT | 8 | 2013-12-03 - 06:21 | over 10 years |
0.1.47 | MIT | 8 | 2013-12-02 - 06:55 | over 10 years |
0.1.46 | MIT | 8 | 2013-11-27 - 08:38 | over 10 years |
0.1.45 | MIT | 8 | 2013-11-20 - 14:51 | over 10 years |
0.1.44 | MIT | 8 | 2013-11-19 - 15:50 | over 10 years |
0.1.43 | MIT | 8 | 2013-11-19 - 14:27 | over 10 years |
0.1.42 | MIT | 8 | 2013-11-18 - 15:49 | over 10 years |
0.1.41 | MIT | 8 | 2013-11-18 - 10:56 | over 10 years |
0.1.40 | MIT | 8 | 2013-11-14 - 09:00 | over 10 years |
0.1.39 | MIT | 8 | 2013-11-06 - 13:45 | over 10 years |
0.1.38 | MIT | 8 | 2013-11-05 - 15:44 | over 10 years |
0.1.37 | MIT | 8 | 2013-11-04 - 06:59 | over 10 years |
0.1.36 | MIT | 8 | 2013-11-02 - 14:57 | over 10 years |