2 matches found
CVE-2022-26565
A cross-site scripting XSS vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page...
CVE-2022-26565
Totaljs XSS (CVE-2022-26565): all versions prior to commit 95f54a5commit are vulnerable. An attacker can inject a crafted payload into the Page Name text field during page creation to execute arbitrary web scripts or HTML. The vulnerability is due to unsanitized input in the Page Name field, enab...