Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
totaljs total.js vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-8903
index.js in Total.js Platform prior to 3.2.3 allows path traversal.
Totaljs Total.js
2 Github repositories
NA
CVE-2022-44019
In Total.js 4 prior to 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
Totaljs Total.js
7.5
CVSSv2
CVE-2021-23344
The package total.js prior to 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
Totaljs Total.js
7.5
CVSSv2
CVE-2021-23389
The package total.js prior to 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
Totaljs Total.js
7.5
CVSSv2
CVE-2020-28494
This affects the package total.js prior to 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option...
Totaljs Total.js
7.5
CVSSv2
CVE-2020-28495
This affects the package total.js prior to 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the applic...
Totaljs Total.js
6.5
CVSSv2
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
3.5
CVSSv2
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows malicious users to execute arbitrary web scripts via a JavaScript embedded PDF file.
Totaljs Total.js 3.4.5
6.5
CVSSv2
CVE-2019-15952
An issue exists in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side ...
Totaljs Total.js Cms 12.0.0
6.5
CVSSv2
CVE-2019-15953
An issue exists in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads t...
Totaljs Total.js Cms 12.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37884
CVE-2024-6003
remote
brute force
information disclosure
CVE-2024-27801
CVE-2024-30078
CVE-2024-31870
CVE-2024-6042
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »