Vulnerabilities > Totaljs > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-30 | CVE-2022-44019 | OS Command Injection vulnerability in Totaljs Total.Js In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter. | 8.8 |
| 2021-08-30 | CVE-2021-32831 | Unspecified vulnerability in Totaljs Total.Js Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. | 7.2 |
| 2020-02-24 | CVE-2020-9381 | Incorrect Authorization vulnerability in Totaljs Total.Js CMS 13.0.0 controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. | 7.5 |
| 2019-09-05 | CVE-2019-15953 | Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 8.8 |
| 2019-09-05 | CVE-2019-15952 | Path Traversal vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 8.8 |
| 2019-02-18 | CVE-2019-8903 | Path Traversal vulnerability in Totaljs Total.Js index.js in Total.js Platform before 3.2.3 allows path traversal. | 7.5 |