96 matches found
CVE-2022-26565
A cross-site scripting (XSS) vulnerability in Totaljs, in all versions before commit 95f54a5, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Totaljs, in all versions before commit 95f54a5, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...
CVE-2022-26565
Totaljs XSS (CVE-2022-26565): all versions prior to commit 95f54a5 are vulnerable. An attacker can inject a crafted payload into the Page Name text field during page creation to execute arbitrary web scripts or HTML. The vulnerability is due to unsanitized input in the Page Name field, enab...
Total.js Cross-Site Scripting Vulnerability
Total Avengers Totaljs Framework is a JavaScript-based code base for building web, desktop, service or IoT applications from Total Avengers, Slovakia. The application is similar to PHP's Laravel, Python's Django, ASP.NET MVC for building Node applications. A cross-site scripting vulnerability exists...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2021-23389 +1 more via total.js (>=3.2.4 <=3.4.13)
total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2021-23389, CVE-2021-32831 Source advisory: SNYK:JS-TOTALJS-1088607...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2021-23389 +1 more via total.js (>=3.2.4 <=3.4.13)
total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2021-23389, CVE-2021-32831 Source advisory: SNYK:JS-TOTALJS-6056532...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +10 more potentially affected by CVE-2020-28495 via total.js (>=1.2.3 <=3.4.13)
total.js NPM version =1.2.3, =1.1.0, =0.1.5, =0.1.0, =4.0.0, =1.0.0, =0.0.1, =0.0.1, =0.0.4 Source cves: CVE-2020-28495 Source advisory: OSV:GHSA-6CF8-QHQJ-VJQM...
@pl-test/c (>=1.1.0 <=1.1.1), @pl-test/e (=1.1.0) +6 more potentially affected by CVE-2020-28495 via total.js (>=3.2.4 <=3.4.13)
total.js NPM version =3.2.4, =1.1.0, =0.3.0, =4.0.0, =1.0.0, =0.0.1, =0.0.4 Source cves: CVE-2020-28495 Source advisory: SNYK:JS-TOTALJS-1046671...
Totaljs CMS 12.0 Widget Creation Code Injection
Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Authenticated Code injection on widget creation. + Affected software: Totaljs CMS 12.0 + Description: An authenticated user with “widgets” privilege can gain RCE on the remote server by creating a malicious widget with a...
Totaljs CMS 12.0 Path Traversal
Totaljs CMS authenticated path traversal could lead to RCE + Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS authenticated path traversal could lead to RCE + Affected software: Totaljs CMS 12.0 + Description: An authenticated user with “Pages” privilege can include via...
Totaljs CMS 12.0 Improper Access Control
Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Broken Access Control on the API call + Affected software: Totaljs CMS 12.0 + Description: An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The CMS...
Totaljs CMS 12.0 Insecure Admin Session Cookie
Author/Discoverer: Riccardo Krauter @CertimeterGroup + Title: Totaljs CMS Insecure Admin Session cookie + Affected software: Totaljs CMS 12.0 + Description: A low privilege user can easily crack the owned cookie to obtain the “random” values inside it. If this user can leak a session cookie owned...
autoremoteserver (>=0.1.5 <=0.2.3), bloater-renewed (=1.0.0) +3 more potentially affected by CVE-2019-8903 via total.js (>=1.2.3 <=2.9.30)
total.js NPM version =1.2.3, =0.1.5, =0.1.0, =0.0.1, =0.0.2 - vuejs-totaljs-project =1.0.0 Source cves: CVE-2019-8903 Source advisory: OSV:GHSA-3Q32-J57W-Q4W7...