Vulnerabilities > Totaljs > Total JS CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-24 | CVE-2020-9381 | Incorrect Authorization vulnerability in Totaljs Total.Js CMS 13.0.0 controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. | 7.5 |
| 2019-09-05 | CVE-2019-15955 | Use of Insufficiently Random Values vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 6.5 |
| 2019-09-05 | CVE-2019-15954 | Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 9.9 |
| 2019-09-05 | CVE-2019-15953 | Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 8.8 |
| 2019-09-05 | CVE-2019-15952 | Path Traversal vulnerability in Totaljs Total.Js CMS 12.0.0 An issue was discovered in Total.js CMS 12.0.0. | 8.8 |
| 2019-03-28 | CVE-2019-10260 | Cross-site Scripting vulnerability in Totaljs Total.Js CMS 12.0.0 Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). | 6.1 |