Total.js Cms Security Vulnerabilities and Issues — Total.js Cms CVE List

Lucene search

TotaljsTotal.js Cms

3 matches found

CVE•added 2019/09/05 7:16 p.m.•82 views

CVE-2019-15953

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical ...

8.8CVSS8.5AI score0.00743EPSS

CVE•added 2019/09/05 7:16 p.m.•77 views

CVE-2019-15952

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. ...

8.8CVSS8.8AI score0.07942EPSS

CVE•added 2024/10/25 5:15 p.m.•41 views

CVE-2024-48655

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.

8.8CVSS7.9AI score0.04145EPSS