Vulnerabilities > Totaljs > Total JS > High

DATE CVE VULNERABILITY TITLE RISK
2022-10-30 CVE-2022-44019 OS Command Injection vulnerability in Totaljs Total.Js
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
network
low complexity
totaljs CWE-78
8.8
2021-07-12 CVE-2021-23389 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
network
low complexity
totaljs CWE-94
7.5
2021-03-04 CVE-2021-23344 Code Injection vulnerability in Totaljs Total.Js
The package total.js before 3.4.8 are vulnerable to Remote Code Execution (RCE) via set.
network
low complexity
totaljs CWE-94
7.5
2021-02-02 CVE-2020-28495 Unspecified vulnerability in Totaljs Total.Js
This affects the package total.js before 3.4.7.
network
low complexity
totaljs
7.5
2021-02-02 CVE-2020-28494 Command Injection vulnerability in Totaljs Total.Js
This affects the package total.js before 3.4.7.
network
low complexity
totaljs CWE-77
7.5