CVE-2017-15879
HIGHKeystoneJS < 4.0.0-beta.7 - CSV Injection via CSV Export
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-15879. PoCs published by Ishaq Mohammed.
AI-analyzed exploit summary This exploit demonstrates a CSV injection vulnerability in KeystoneJS before 4.0.0-beta.7, where a malicious payload in the Name field triggers command execution when the CSV is opened in Excel.
Description
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
Exploits (1)
exploitdb
WORKING POC
by Ishaq Mohammed · textwebappsnodejs
https://www.exploit-db.com/exploits/43053
This exploit demonstrates a CSV injection vulnerability in KeystoneJS before 4.0.0-beta.7, where a malicious payload in the Name field triggers command execution when the CSV is opened in Excel.
Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
KeystoneJS < 4.0.0-beta.7
Auth required
Prerequisites:
Access to the Contact Us page · Admin credentials to download the CSV
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/keystonejs/keystone/pull/4478
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43053/
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/144755/KeystoneJS-4.0.0-beta.5-Unauthenticated-CSV-Injection.html
Scores
CVSS v3
8.8
EPSS
0.0982
EPSS Percentile
93.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (2)
keystonejs/keystone
< 4.0.0
npm/keystone
0 - 4.0.0-beta7npm
Published
Oct 24, 2017
Tracked Since
Feb 18, 2026