Total4
This hub aggregates every CVE we track for Total4, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
5
CVEs tracked
2
Critical
2
High
0
In CISA KEV
Severity distribution
HIGH2CRITICAL2MEDIUM1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 5 most recently published vulnerabilities affecting Total4.
- CVE-2023-30094A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the se...5.4
- CVE-2021-23390Arbitrary Code Execution9.8
- CVE-2019-15952An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted direct...8.8
- CVE-2019-15953An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly ...8.8
- CVE-2019-15954An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget ...9.9
Product normalization is registry-driven with AI assist and human review. How it works