This post is about an interesting security issue I found in KeystoneJS, the Node.js/Express based content management framework.
It’s a simple Open Redirect weakness in the sign in page of version 4, which is currently in beta but widely deployed out on the Internet. It was interesting to me …