Vulnerabilities > Totaljs > Total JS CMS > High

DATE CVE VULNERABILITY TITLE RISK
2020-02-24 CVE-2020-9381 Incorrect Authorization vulnerability in Totaljs Total.Js CMS 13.0.0
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI.
network
low complexity
totaljs CWE-863
7.5
7.5
2019-09-05 CVE-2019-15953 Missing Authorization vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-862
8.8
8.8
2019-09-05 CVE-2019-15952 Path Traversal vulnerability in Totaljs Total.Js CMS 12.0.0
An issue was discovered in Total.js CMS 12.0.0.
network
low complexity
totaljs CWE-22
8.8
8.8