CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30094
https://notcve.org/view.php?id=CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. • https://github.com/totaljs/flow/issues/100 https://www.edoardoottavianelli.it/CVE-2023-30094 https://www.youtube.com/watch?v=vOb9Fyg3iVo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30095
https://notcve.org/view.php?id=CVE-2023-30095
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. • https://github.com/totaljs/messenger/issues/11 https://www.edoardoottavianelli.it/CVE-2023-30095 https://www.youtube.com/watch?v=2k7e9E0Cw0Y • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30096
https://notcve.org/view.php?id=CVE-2023-30096
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. • https://github.com/totaljs/messenger/issues/10 https://www.edoardoottavianelli.it/CVE-2023-30096 https://www.youtube.com/watch?v=ZA7R001kE2w • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 3CVE-2023-30097
https://notcve.org/view.php?id=CVE-2023-30097
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. • https://github.com/totaljs/messenger/issues/9 https://www.edoardoottavianelli.it/CVE-2023-30097 https://www.youtube.com/watch?v=VAlbkvOm_DU • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-27070
https://notcve.org/view.php?id=CVE-2023-27070
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field. • https://github.com/totaljs/openplatform/issues/53 https://www.edoardoottavianelli.it/CVE-2023-27070 https://www.youtube.com/watch?v=4WJqcseH5qk • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •