totaljs vulnerabilities and exploits
8.8
CVSSv3
CVE-2022-44019
In Total.js 4 prior to 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
Totaljs Total.js
5.4
CVSSv3
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows malicious users to execute arbitrary web scripts via a JavaScript embedded PDF file.
Totaljs Total.js 3.4.5
5.4
CVSSv3
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.
Totaljs Flow 10.0
7.5
CVSSv3
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote malicious users to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
Totaljs Total.js Cms 13.0.0
6.1
CVSSv3
CVE-2019-10260
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
Totaljs Total.js Cms 12.0.0
8.8
CVSSv3
CVE-2019-15952
An issue exists in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side ...
Totaljs Total.js Cms 12.0.0
8.8
CVSSv3
CVE-2019-15953
An issue exists in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads t...
Totaljs Total.js Cms 12.0.0
6.5
CVSSv3
CVE-2019-15955
An issue exists in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n...
Totaljs Total.js Cms 12.0.0
9.9
CVSSv3
CVE-2019-15954
An issue exists in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the pr...
Totaljs Total.js Cms 12.0.0
1 EDB exploit
4.8
CVSSv3
CVE-2022-26565
A cross-site scripting (XSS) vulnerability in Totaljs, in all versions before commit 95f54a5, allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.
Totaljs Content Management System