3 matches found
PT-2025-31547 · Unknown · @Nyariv/Sandboxjs
Name of the Vulnerable Software and Affected Versions: @nyariv/sandboxjs versions through 0.8.23 Description: A prototype pollution issue exists in @nyariv/sandboxjs, allowing attackers to inject arbitrary properties into Object.prototype via crafted JavaScript code. This can lead to a...
GHSA-V287-9W3V-X5C5 Total.js CMS RCE Vulnerability
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...
Total.js CMS RCE Vulnerability
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...