Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
totaljs vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-30096
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.
Totaljs Messenger -
5.4
CVSSv3
CVE-2023-30095
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.
Totaljs Messenger -
9.8
CVSSv3
CVE-2021-23389
The package total.js prior to 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
Totaljs Total.js
9.8
CVSSv3
CVE-2021-23390
The package total4 prior to 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
Totaljs Total4
8.6
CVSSv3
CVE-2020-28494
This affects the package total.js prior to 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option...
Totaljs Total.js
7.5
CVSSv3
CVE-2019-8903
index.js in Total.js Platform prior to 3.2.3 allows path traversal.
Totaljs Total.js
2 Github repositories
5.4
CVSSv3
CVE-2023-30097
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.
Totaljs Messenger -
8.8
CVSSv3
CVE-2022-44019
In Total.js 4 prior to 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
Totaljs Total.js
9.8
CVSSv3
CVE-2021-23344
The package total.js prior to 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
Totaljs Total.js
7.2
CVSSv3
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »