Vulnerabilities > Totaljs > Total JS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-07 | CVE-2022-41392 | Cross-site Scripting vulnerability in Totaljs Total.Js 20220820 A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings. | 5.4 |
| 2021-08-30 | CVE-2021-32831 | Code Injection vulnerability in Totaljs Total.Js Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. | 6.5 |
| 2019-02-18 | CVE-2019-8903 | Path Traversal vulnerability in Totaljs Total.Js index.js in Total.js Platform before 3.2.3 allows path traversal. | 5.0 |