Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
total.js cms vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote malicious users to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
Totaljs Total.js Cms 13.0.0
4.3
CVSSv2
CVE-2019-10260
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
Totaljs Total.js Cms 12.0.0
6.5
CVSSv2
CVE-2019-15953
An issue exists in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads t...
Totaljs Total.js Cms 12.0.0
6.5
CVSSv2
CVE-2019-15952
An issue exists in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side ...
Totaljs Total.js Cms 12.0.0
9
CVSSv2
CVE-2019-15954
An issue exists in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the pr...
Totaljs Total.js Cms 12.0.0
1 EDB exploit
4
CVSSv2
CVE-2019-15955
An issue exists in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n...
Totaljs Total.js Cms 12.0.0
3.5
CVSSv2
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows malicious users to execute arbitrary web scripts via a JavaScript embedded PDF file.
Totaljs Total.js 3.4.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started