{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T07:01:48.436","vulnerabilities":[{"cve":{"id":"CVE-2017-15881","sourceIdentifier":"cve@mitre.org","published":"2017-10-24T22:29:00.240","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the \"content brief\" or \"content extended\" field, a different vulnerability than CVE-2017-15878."},{"lang":"es","value":"Vulnerabilidad Cross-Site Scripting (XSS) en KeystoneJS en versiones anteriores a la 4.0.0-beta.7 permite que administradores autenticados remotos inyecten scripts web o HTML arbitrarios mediante el campo \"content brief\" o \"content extended\". Esta es una vulnerabilidad diferente de CVE-2017-15878."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.7,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:*:*:*:*:*:node.js:*:*","versionEndIncluding":"0.3.22","matchCriteriaId":"C32D3468-09D8-4515-B8B4-CBECED5C6EDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:-:*:*:*:node.js:*:*","matchCriteriaId":"939A5AB7-633A-4013-9A5F-FE793D6CDBE1"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:beta1:*:*:*:node.js:*:*","matchCriteriaId":"DA566AA1-50F8-4A8C-9D50-FD6C98C24702"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:beta2:*:*:*:node.js:*:*","matchCriteriaId":"AFE82BBF-FAD3-4A0F-BF9C-A6B735CE9C59"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:beta3:*:*:*:node.js:*:*","matchCriteriaId":"B01C0065-8918-42E1-A7FF-002C0C088B25"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:beta4:*:*:*:node.js:*:*","matchCriteriaId":"709083AB-14C2-4DDD-ADC2-436587ECBBA7"},{"vulnerable":true,"criteria":"cpe:2.3:a:keystonejs:keystone:4.0.0:beta5:*:*:*:node.js:*:*","matchCriteriaId":"872696B2-6C8F-406E-AD2E-A862BE2985EC"}]}]}],"references":[{"url":"http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/101541","source":"cve@mitre.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/keystonejs/keystone/issues/4437","source":"cve@mitre.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/keystonejs/keystone/pull/4478","source":"cve@mitre.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"http://blog.securelayer7.net/keystonejs-open-source-penetration-testing-report/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"http://www.securityfocus.com/bid/101541","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/keystonejs/keystone/issues/4437","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/keystonejs/keystone/pull/4478","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]}]}}]}