96 matches found
CVE-2023-30095
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...
CVE-2023-30096
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field...
PT-2023-22538 · Total.Js · Total.Js
Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to...
CVE-2023-30097
CVE-2023-30097 concerns TotalJS messenger. The vulnerability is a stored cross-site scripting (XSS) issue in the messenger, exploitable via a crafted payload injected into the private task field (commit b6cf1c9). Affected software is TotalJS messenger; underlying cause is stored XSS; impact is ex...
CVE-2023-30095
CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...
CVE-2023-30097
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...
CVE-2023-30094
TotalJS Flow v10 is affected by a stored XSS in the platform name field of the Settings module (CVE-2023-30094). The vulnerability allows an attacker to inject and execute arbitrary scripts/HTML in the victim’s browser. Root cause appears to be insufficient input sanitization in related code path...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
TotalJS OpenPlatform 跨站脚本漏洞
TotalJS OpenPlatform is a simple enterprise-ready platform for TotalJS individual developers. It is used to run, integrate and manage multiple web applications. A security vulnerability exists in version b80b09d of TotalJS OpenPlatform, which stems from the presence of a stored cross-site scripti...
PT-2023-20931 · Unknown · Totaljs Openplatform
Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. This enables the execution of...
CVE-2023-27069
TotalJS OpenPlatform (commit b80b09d) is affected by a stored XSS vulnerability in the account name field. The issue allows an attacker to inject crafted payloads to execute arbitrary web scripts/HTML on the victim’s browser. Reported across multiple sources (NVD, Red Hat, CNNVD, PRION, etc.), th...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
PT-2023-20933 · Unknown · Totaljs Openplatform
Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. Recommendations: For version...
CVE-2023-27070
TotalJS OpenPlatform is affected by a stored XSS in the platform name field introduced by commit b80b09d. Affected component: platform name input handling in OpenPlatform. Impact: attacker could execute arbitrary web scripts/HTML in the user’s browser. Exploit details are not described in these d...