totaljs total.js

26 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-11019
< 19.9.0
A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The man
2.4 LOW
CVE-2025-10940
all versions
A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ o
2.4 LOW
CVE-2024-48655
all versions
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
8.8 HIGH
CVE-2023-30097
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web sc
5.4 MEDIUM
CVE-2023-30096
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web sc
5.4 MEDIUM
CVE-2023-30095
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web sc
5.4 MEDIUM
CVE-2023-30094
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML vi
5.4 MEDIUM
CVE-2023-27070
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web
5.4 MEDIUM
CVE-2023-27069
all versions
A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web
5.4 MEDIUM
CVE-2022-44019
< 2022-09-26
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter
8.8 HIGH
CVE-2022-41392
all versions
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML vi
5.4 MEDIUM
CVE-2022-30013
all versions
A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrar
5.4 MEDIUM
CVE-2022-26565
< 2022-02-28
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5 allows attackers to execute arbitr
4.8 MEDIUM
CVE-2021-32831
< 3.4.9
Total.js framework (npm package total.js) is a framework for Node.js platform written in pure JavaScript similar to PHP's Laravel
7.5 HIGH
CVE-2021-23390
< 0.0.43
The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
9.8 CRITICAL
CVE-2021-23389
< 3.4.9
The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
9.8 CRITICAL
CVE-2021-23344
< 3.4.8
The package total.js before 3.4.8 is vulnerable to Remote Code Execution (RCE) via set.
9.8 CRITICAL
CVE-2020-28495
< 3.4.7
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path.
7.3 HIGH
CVE-2020-28494
< 3.4.7
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter
8.6 HIGH
CVE-2020-9381
all versions
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ UR
7.5 HIGH
CVE-2019-15955
all versions
An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the
6.5 MEDIUM
CVE-2019-15954
all versions
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command E
9.9 CRITICAL
CVE-2019-15953
all versions
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that th
8.8 HIGH
CVE-2019-15952
all versions
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack
8.8 HIGH
CVE-2019-10260
all versions
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
6.1 MEDIUM
CVE-2019-8903
< 3.2.3
index.js in Total.js Platform before 3.2.3 allows path traversal.
7.5 HIGH