TOTVS Fluig Platform - Cross-Site Scripting

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input...

CVE-2023-4710

A vulnerability classified as problematic was found in TOTVS RM 12.1. Affected by this vulnerability is an unknown functionality of the component Portal. The manipulation of the argument d leads to cross site scripting. The attack can be launched remotely. The identifier VDB-238573 was assigned t...

EUVD-2023-54558

Malicious code in bioql PyPI...

EUVD-2025-10537

Malicious code in bioql PyPI...

EUVD-2023-54557

Malicious code in bioql PyPI...

EUVD-2025-28825

Malicious code in bioql PyPI...

CVE-2025-9193

A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and...

CVE-2025-9193

TOTVS Portal Meu RH (versions up to 12.1.17) contains a vulnerability in the Password Reset Handler where manipulating the redirectUrl argument can cause an open redirect. The issue is exploitable remotely and affects products no longer supported by the maintainer. Upgrading is recommended to mit...

CVE-2025-9193 TOTVS Portal Meu RH Password Reset redirect

A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and...

CVE-2025-9193 TOTVS Portal Meu RH Password Reset redirect

A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and...

CVE-2023-4709

A vulnerability classified as problematic has been found in TOTVS RM 12.1. Affected is an unknown function of the file Login.aspx of the component Portal. The manipulation of the argument VIEWSTATE leads to cross site scripting. It is possible to launch the attack remotely. The complexity of an...

CVE-2023-6275

A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "...

CVE-2020-29134

The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4...

CVE-2024-55210

An issue in TOTVS Framework Linha Protheus 12.1.2310 allows attackers to bypass multi-factor authentication MFA via a crafted websocket message...

CVE-2024-55210

An issue in TOTVS Framework Linha Protheus 12.1.2310 allows attackers to bypass multi-factor authentication MFA via a crafted websocket message...

CVE-2024-55210

An issue in TOTVS Framework Linha Protheus 12.1.2310 allows attackers to bypass multi-factor authentication MFA via a crafted websocket message...

CVE-2024-55210

An issue in TOTVS Framework Linha Protheus 12.1.2310 allows attackers to bypass multi-factor authentication MFA via a crafted websocket message...

CVE-2024-55210

CVE-2024-55210 affects TOTVS Framework (Linha Protheus) version 12.1.2310. A crafted websocket message can bypass multi-factor authentication, exposing potential unauthorized access to sensitive areas. Documents from PT Security explicitly tie the issue to version 12.1.2310 and recommend temporar...

CVE-2024-55210

An issue in TOTVS Framework Linha Protheus 12.1.2310 allows attackers to bypass multi-factor authentication MFA via a crafted websocket message...

TOTVS 安全漏洞

TOTVS is a complete human resource management solution from the Brazilian company TOTVS. A security vulnerability exists in TOTVS version 12.1.2310, which stems from vulnerability to a specially crafted websocket message bypassing multi-factor authentication attack...