CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30094
https://notcve.org/view.php?id=CVE-2023-30094
04 May 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. • https://github.com/totaljs/flow/issues/100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30095
https://notcve.org/view.php?id=CVE-2023-30095
04 May 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. • https://github.com/totaljs/messenger/issues/11 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30096
https://notcve.org/view.php?id=CVE-2023-30096
04 May 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. • https://github.com/totaljs/messenger/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30097
https://notcve.org/view.php?id=CVE-2023-30097
04 May 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. • https://github.com/totaljs/messenger/issues/9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27069
https://notcve.org/view.php?id=CVE-2023-27069
14 Mar 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field. • https://github.com/totaljs/openplatform/issues/52 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27070
https://notcve.org/view.php?id=CVE-2023-27070
14 Mar 2023 — A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. • https://github.com/totaljs/openplatform/issues/53 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 8%CPEs: 1EXPL: 3CVE-2022-44019
https://notcve.org/view.php?id=CVE-2022-44019
29 Oct 2022 — In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. En Total.js 4 anterior a 0e5ace7, /api/common/ping puede lograr la ejecución remota de comandos a través de metacaracteres de shell en el parámetro host. • https://github.com/totaljs/code/issues/12 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2022-41392
https://notcve.org/view.php?id=CVE-2022-41392
07 Oct 2022 — A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. Una vulnerabilidad de tipo cross-site scripting (XSS) en el commit 8c2c8909 de TotalJS permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el campo name text del sitio web en la configuración principal • https://github.com/totaljs/cms/issues/38 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30013
https://notcve.org/view.php?id=CVE-2022-30013
16 May 2022 — A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en la función de carga de totaljs CMS versión 3.4.5, permite a atacantes ejecutar scripts web arbitrarios por medio de un archivo PDF insertado en JavaScript • https://github.com/totaljs/framework • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-26565
https://notcve.org/view.php?id=CVE-2022-26565
01 Apr 2022 — A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. Una vulnerabilidad de cross-site scripting (XSS) en Totaljs todas las versiones antes del commit 95f54a5commit, permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload crafteado inyectado en el campo de texto Page Name al crear una nueva pá... • https://bug.pocas.kr/2022/03/01/2022-03-05-CVE-2022-26565 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •