10 matches found
CVE-2025-11655 Total.js Flow SVG File unrestricted upload
A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been...
EUVD-2023-1569
Malicious code in bioql PyPI...
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
PT-2023-22536 · Unknown · Totaljs Flow
Name of the Vulnerable Software and Affected Versions: TotalJS Flow version 10. Description: A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. This issue...
TotalJS Flow Cross-Site Scripting Vulnerability
TotalJS Flow is an open source application for the Total.js Platform. A security vulnerability exists in version v10 of TotalJS Flow. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Platform Name field in the...
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module...
CVE-2023-30094
TotalJS Flow v10 is affected by a stored XSS in the platform name field of the Settings module (CVE-2023-30094). The vulnerability allows an attacker to inject and execute arbitrary scripts/HTML in the victim’s browser. Root cause appears to be insufficient input sanitization in related code path...