Shodan
Vulnerabilities
Vulnerable Software
Totaljs:  Security Vulnerabilities
CVE-2024-48655
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
CVSS Score
8.8
EPSS Score
0.044
Published
2024-10-25
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-05-04
CVE-2023-30095
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-05-04
CVE-2023-30096
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-05-04
CVE-2023-30097
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-05-04
CVE-2023-27069
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-14
CVE-2023-27070
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-03-14
CVE-2022-44019
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
CVSS Score
8.8
EPSS Score
0.023
Published
2022-10-30
CVE-2022-41392
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-10-07
CVE-2022-30013
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved