96 matches found
TotalJS messenger 跨站脚本漏洞
TotalJS messenger is a Node.js open source Slack alternative to the Total.js Platform open source. A security vulnerability exists in TotalJS messenger. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into a private task...
PT-2023-22538 · Total.Js · Total.Js
Name of the Vulnerable Software and Affected Versions: TotalJS messenger version b6cf1c9 Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. This enables attackers to...
CVE-2023-30095
A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field...
CVE-2023-30094
TotalJS Flow v10 is affected by a stored XSS in the platform name field of the Settings module (CVE-2023-30094). The vulnerability allows an attacker to inject and execute arbitrary scripts/HTML in the victim’s browser. Root cause appears to be insufficient input sanitization in related code path...
TotalJS Flow 跨站脚本漏洞
TotalJS Flow is an open source application for the Total.js Platform. A security vulnerability exists in version v10 of TotalJS Flow. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the Platform Name field in the...
PT-2023-22539 · Unknown · Totaljs Messenger
Name of the Vulnerable Software and Affected Versions: TotalJS messenger affected versions not specified Description: A stored cross-site scripting XSS vulnerability in TotalJS messenger allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task...
CVE-2023-30095
CVE-2023-30095 affects TotalJS Messenger (commit b6cf1c9). It describes a stored XSS vulnerability in the channel description field, allowing an attacker to execute arbitrary web scripts or HTML in the context of the affected app. The vulnerability is evidenced across multiple sources, including ...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
Cross site scripting
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
TotalJS OpenPlatform 跨站脚本漏洞
TotalJS OpenPlatform is a simple enterprise-ready platform for TotalJS individual developers. It is used to run, integrate and manage multiple web applications. A security vulnerability exists in version b80b09d of TotalJS OpenPlatform, which stems from the presence of a stored cross-site scripti...
CVE-2023-27070
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field...
CVE-2023-27069
A stored cross-site scripting XSS vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field...
PT-2023-20931 · Unknown · Totaljs Openplatform
Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. This enables the execution of...
CVE-2023-27070
TotalJS OpenPlatform is affected by a stored XSS in the platform name field introduced by commit b80b09d. Affected component: platform name input handling in OpenPlatform. Impact: attacker could execute arbitrary web scripts/HTML in the user’s browser. Exploit details are not described in these d...
PT-2023-20933 · Unknown · Totaljs Openplatform
Name of the Vulnerable Software and Affected Versions: TotalJS OpenPlatform version b80b09d Description: A stored cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. Recommendations: For version...