KeystoneJS 4.0.0-beta.5 Unauthenticated Stored Cross Site Scripting

KeystoneJS version 4.0.0-beta.5 suffers from an unauthenticated stored cross site scripting vulnerability.

MD5 | b25bac8103481cb0935773ae248e5749

# Exploit Title: KeystoneJS 4.0.0-beta.5 Unauthenticated Stored XSS
# Vendor Homepage:
# Exploit Author: Ishaq Mohammed
# Contact:
# Website:
# Category: WEBAPPS
# Platform: Node.js
# CVE: CVE-2017-15878

Vendor Description:

KeystoneJS is a powerful Node.js content management system and web app
framework built on express and mongoose. Keystone makes it easy to create
sophisticated web sites and apps, and comes with a beautiful auto-generated
Admin UI.

Technical Details and Exploitation:

A cross-site scripting (XSS) vulnerability exists in
fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via
the Contact Us feature.

Proof of Concept:

1. Navigate to Contact Us page
2. Fill in the details needed and enter the below payload in message field
and send
<a onmouseover=alert(document.cookie)>XSS link</a>
3. Now login as admin and navigate to the above new record created in the
4. Move the cursor on the text aXSS linka


The issues have been fixed and the vendor has released the patches


Best Regards,
Ishaq Mohammed

Related Posts