Vulnerabilities > Totaljs > Critical

DATE CVE VULNERABILITY TITLE RISK
2021-07-12 CVE-2021-23389 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
critical
 9.8
9.8
2021-07-12 CVE-2021-23390 Code Injection vulnerability in Totaljs Total4
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
critical
 9.8
9.8
2021-03-04 CVE-2021-23344 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
network
low complexity
totaljs CWE-94
critical
 9.8
9.8
2019-09-05 CVE-2019-15954 Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-862
critical
 9.9
9.9