totaljs

Top products

The 15 most recently published vulnerabilities affecting totaljs.

• CVE-2025-11655Total.js Flow SVG File unrestricted upload4.7Oct 13, 2025
• CVE-2025-11019Total.js CMS Files Menu cross site scripting2.4Sep 26, 2025
• CVE-2025-10940Total.js CMS Layout admin layouts_save cross site scripting2.4Sep 25, 2025
• CVE-2024-48655An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.8.8Oct 25, 2024
• CVE-2023-30097A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task ...5.4May 4, 2023
• CVE-2023-30096A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user informat...5.4May 4, 2023
• CVE-2023-30095A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel descr...5.4May 4, 2023
• CVE-2023-30094A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the se...5.4May 4, 2023
• CVE-2023-27069A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account na...5.4Mar 14, 2023
• CVE-2023-27070A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform n...5.4Mar 14, 2023
• CVE-2022-44019In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.8.8Oct 29, 2022
• CVE-2022-41392A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under...5.4Oct 7, 2022
• CVE-2022-30013A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.5.4May 16, 2022
• CVE-2022-26565A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Pag...4.8Apr 1, 2022
• CVE-2021-32831Code injection in total.js7.5Aug 30, 2021