Total.js Security Vulnerabilities and Issues — Total.js CVE List | Vulners.com

Lucene search

K

TotaljsTotal.js

3 matches found

CVE•added 2022/05/16 2:15 p.m.•45 views

CVE-2022-30013

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.

5.4CVSS5.2AI score0.00195EPSS

CVE•added 2022/10/30 12:15 a.m.•39 views

CVE-2022-44019

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.

8.8CVSS8.8AI score0.02295EPSS

CVE•added 2022/10/07 7:15 p.m.•37 views

CVE-2022-41392

A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.

5.4CVSS5.3AI score0.00148EPSS