Total.js

This hub aggregates every CVE we track for Total.js, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 13 most recently published vulnerabilities affecting Total.js.

• CVE-2025-11019Total.js CMS Files Menu cross site scripting2.4Sep 26, 2025
• CVE-2025-10940Total.js CMS Layout admin layouts_save cross site scripting2.4Sep 25, 2025
• CVE-2024-48655An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.8.8Oct 25, 2024
• CVE-2022-44019In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.8.8Oct 29, 2022
• CVE-2022-41392A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under...5.4Oct 7, 2022
• CVE-2022-30013A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.5.4May 16, 2022
• CVE-2021-32831Code injection in total.js7.5Aug 30, 2021
• CVE-2021-23389Arbitrary Code Execution9.8Jul 12, 2021
• CVE-2021-23344Remote Code Execution (RCE)9.8Mar 4, 2021
• CVE-2020-28494Command Injection8.6Feb 2, 2021
• CVE-2020-28495Prototype Pollution7.3Feb 2, 2021
• CVE-2019-10260Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).6.1Mar 28, 2019
• CVE-2019-8903index.js in Total.js Platform before 3.2.3 allows path traversal.7.5Feb 18, 2019