Vulnerabilities > Totaljs

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-32831 Unspecified vulnerability in Totaljs Total.Js
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC.
network
low complexity
totaljs
7.2
2021-07-12 CVE-2021-23389 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
critical
9.8
2021-07-12 CVE-2021-23390 Code Injection vulnerability in Totaljs Total4
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
critical
9.8
2021-03-04 CVE-2021-23344 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
network
low complexity
totaljs CWE-94
critical
9.8
2020-02-24 CVE-2020-9381 Incorrect Authorization vulnerability in Totaljs Total.Js CMS 13.0.0
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI.
network
low complexity
totaljs CWE-863
7.5
2019-09-05 CVE-2019-15955 Use of Insufficiently Random Values vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-330
6.5
2019-09-05 CVE-2019-15954 Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-862
critical
9.9
2019-09-05 CVE-2019-15953 Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-862
8.8
2019-09-05 CVE-2019-15952 Path Traversal vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-22
8.8
2019-03-28 CVE-2019-10260 Cross-site Scripting vulnerability in Totaljs Total.Js CMS 12.0.0
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
network
low complexity
totaljs CWE-79
6.1