Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
totaljs total.js vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-15952
An issue exists in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side ...
Totaljs Total.js Cms 12.0.0
9.9
CVSSv3
CVE-2019-15954
An issue exists in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the pr...
Totaljs Total.js Cms 12.0.0
1 EDB exploit
6.5
CVSSv3
CVE-2019-15955
An issue exists in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n...
Totaljs Total.js Cms 12.0.0
8.8
CVSSv3
CVE-2019-15953
An issue exists in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads t...
Totaljs Total.js Cms 12.0.0
5.4
CVSSv3
CVE-2022-41392
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
Totaljs Total.js 2022-08-20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2