Lucene search
K

96 matches found

CNNVD
CNNVD
added 2023/05/04 12:0 a.m.7 views

TotalJS messenger 跨站脚本漏洞

TotalJS messenger is a Node.js open source Slack alternative to the Total.js Platform open source. A security vulnerability exists in TotalJS messenger. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into a private task...

5.4CVSS6.1AI score0.00667EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.5 views

PT-2023-22538 · Total.Js · Total.Js

Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to...

5.4CVSS5.5AI score0.00667EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2023/05/04 12:0 a.m.7 views

CVE-2023-30095

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...

5.3AI score0.00667EPSS
Exploits1References3
CVE
CVE
added 2023/05/04 12:0 a.m.56 views

CVE-2023-30094

TotalJS Flow v10 is affected by a stored XSS in the platform name field of the Settings module (CVE-2023-30094). The vulnerability allows an attacker to inject and execute arbitrary scripts/HTML in the victim’s browser. Root cause appears to be insufficient input sanitization in related code path...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.6 views

TotalJS Flow 跨站脚本漏洞

TotalJS Flow is an open source application for the Total.js Platform. A security vulnerability exists in version v10 of TotalJS Flow. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Platform Name field in the...

5.4CVSS6.1AI score0.00667EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.8 views

PT-2023-22539 · Unknown · Totaljs Messenger

Name of the Vulnerable Software and Affected Versions: TotalJS messenger affected versions not specified Description: A stored cross-site scripting XSS vulnerability in TotalJS messenger allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task...

5.4CVSS5.3AI score0.00667EPSS
Exploits1References7
CVE
CVE
added 2023/05/04 12:0 a.m.56 views

CVE-2023-30095

CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...

5.4CVSS5.2AI score0.00667EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2023/03/14 4:15 p.m.4 views

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.4CVSS6.2AI score0.00521EPSS
Exploits1References3
NVD
NVD
added 2023/03/14 4:15 p.m.16 views

CVE-2023-27070

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...

5.4CVSS5.3AI score0.00521EPSS
Exploits1References3
NVD
NVD
added 2023/03/14 4:15 p.m.24 views

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.4CVSS5.3AI score0.00521EPSS
Exploits1References3
OSV
OSV
added 2023/03/14 4:15 p.m.6 views

CVE-2023-27070

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...

5.4CVSS5.9AI score0.00521EPSS
Exploits1References3
Prion
Prion
added 2023/03/14 4:15 p.m.14 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

4.9CVSS5.2AI score0.00521EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/03/14 4:15 p.m.14 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...

4.9CVSS5.2AI score0.00521EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/14 12:0 a.m.8 views

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.3AI score0.00521EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.5 views

TotalJS OpenPlatform 跨站脚本漏洞

TotalJS OpenPlatform is a simple enterprise-ready platform for TotalJS individual developers. It is used to run, integrate and manage multiple web applications. A security vulnerability exists in version b80b09d of TotalJS OpenPlatform, which stems from the presence of a stored cross-site scripti...

5.4CVSS5.7AI score0.00521EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/03/14 12:0 a.m.8 views

CVE-2023-27070

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...

5.3AI score0.00521EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/14 12:0 a.m.31 views

CVE-2023-27069

A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...

5.4AI score0.00521EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.5 views

PT-2023-20931 · Unknown · Totaljs Openplatform

Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. This enables the execution of...

5.4CVSS6.5AI score0.00521EPSS
Exploits1References7
CVE
CVE
added 2023/03/14 12:0 a.m.87 views

CVE-2023-27070

TotalJS OpenPlatform is affected by a stored XSS in the platform name field introduced by commit b80b09d. Affected component: platform name input handling in OpenPlatform. Impact: attacker could execute arbitrary web scripts/HTML in the user’s browser. Exploit details are not described in these d...

5.4CVSS5.2AI score0.00521EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.6 views

PT-2023-20933 · Unknown · Totaljs Openplatform

Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. Recommendations: For version...

5.4CVSS5.5AI score0.00521EPSS
Exploits1References5
Rows per page
Query Builder