Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
total.js vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-15955
An issue exists in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n...
Totaljs Total.js Cms 12.0.0
8.8
CVSSv3
CVE-2019-15952
An issue exists in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side ...
Totaljs Total.js Cms 12.0.0
9.9
CVSSv3
CVE-2019-15954
An issue exists in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the pr...
Totaljs Total.js Cms 12.0.0
1 EDB exploit
7.5
CVSSv3
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote malicious users to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
Totaljs Total.js Cms 13.0.0
5.4
CVSSv3
CVE-2022-41392
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
Totaljs Total.js 2022-08-20
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2