69 matches found
EUVD-2019-0405
Malware in sbrugna...
EUVD-2019-6852
Malware in sbrugna...
EUVD-2020-30202
Malware in sbrugna...
EUVD-2022-4846
Malicious code in bioql PyPI...
EUVD-2025-31081
Malicious code in bioql PyPI...
EUVD-2022-4871
Malicious code in bioql PyPI...
CVE-2025-11019
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-11019
Total.js CMS (up to 19.9.0) has a cross-site scripting vulnerability in the Files Menu component caused by manipulation of an unknown function. The issue can be exploited remotely and an exploit has been disclosed publicly. The connected documents consistently reference Total.js CMS and the Files...
PT-2025-39646
Name of the Vulnerable Software and Affected Versions Total.js CMS versions up to 19.9.0 Description A flaw exists in Total.js CMS that allows for cross site scripting through manipulation of an unknown function within the Files Menu component. This issue can be exploited remotely, and details...
CVE-2025-10940
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-10940
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layoutssave of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit h...
CVE-2025-10940
Total.js CMS 1.0.0 is affected by a cross-site scripting vulnerability in the layouts_save function under /admin/ of the Layout Page. The issue arises from manipulation of the HTML argument, enabling remote initiation of an XSS attack. Public exploit details exist (PROOF-OF-CONCEPT in some source...
PT-2025-39359
Name of the Vulnerable Software and Affected Versions Total.js CMS version 1.0.0 Description A cross site scripting issue exists in Total.js CMS version 1.0.0. The issue is located in the layouts save function within the /admin/ file of the Layout Page component. Manipulation of the HTML argument...
CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file...
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
CVE-2019-10260
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html item.message and themes/admin/public/ui.js column.format...
CVE-2019-15954
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...
CVE-2019-15953
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertica...
CVE-2019-15955
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with On=2n instead of On=n^x complexity...
CVE-2019-15952
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack ../ to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed...