0.001 Low
EPSS
Percentile
36.2%
total4 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in replace parameter of internal.js which allows an attacker to inject and execute arbitrary JavaScript into the browser
replace
internal.js
github.com/totaljs/flow/issues/100
github.com/totaljs/framework4/commit/e2cea690c3fe4453e94da896a69f832511f65179
www.edoardoottavianelli.it/CVE-2023-30094/
www.youtube.com/watch?v=vOb9Fyg3iVo