EPSS
Percentile
21.8%
Totaljs is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of input allowing an attacker to inject maliciously crafted script intot he Page Name text field when creating a new page.
bug.pocas.kr/2022/03/01/2022-03-05-CVE-2022-26565/
github.com/totaljs/cms/commit/95f54a552ef3941d1c77440f0f886f09ef40636e
github.com/totaljs/cms/issues/35