Skip to main content

Total Js

8 CVEs product

Monthly

CVE-2024-48655 HIGH POC This Week

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Total Js
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2022-44019 HIGH POC This Week

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Total Js
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2022-41392 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-30013 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-32831 npm HIGH POC PATCH This Week

Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Node.js Code Injection Python Total Js
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2021-23389 npm CRITICAL POC PATCH Act Now

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2021-23344 npm CRITICAL POC PATCH Act Now

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
CVSS 3.1
9.8
EPSS
4.8%
CVE-2019-8903 npm HIGH POC PATCH THREAT This Week

index.js in Total.js Platform before 3.2.3 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Total Js
NVD GitHub
CVSS 3.0
7.5
EPSS
72.1%
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Total Js
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC This Week

In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Total Js
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Total Js
NVD GitHub
EPSS 1% CVSS 7.2
HIGH POC PATCH This Week

Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Node.js Code Injection +2
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC PATCH Act Now

The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
EPSS 5% CVSS 9.8
CRITICAL POC PATCH Act Now

The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Total Js
NVD GitHub
EPSS 72% CVSS 7.5
HIGH POC PATCH THREAT This Week

index.js in Total.js Platform before 3.2.3 allows path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Total Js
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy