totaljs/cms

totaljs/cms

www.totaljs.com

Releases0

Stars255

Node.js Content Management System

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-48655 ↗	Oct 25, 2024Friday, 25 October 2024, 17:15	8.8 HIGH	—
An issue in Total.js CMS v.1.0 allows a remote attacker to execute arbitrary code via the func.js file.
CVE-2022-41392 ↗	Oct 7, 2022Friday, 7 October 2022, 19:15	5.4 MEDIUM	—
A cross-site scripting (XSS) vulnerability in TotalJS commit 8c2c8909 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.
CVE-2022-26565 ↗	Apr 1, 2022Friday, 1 April 2022, 22:15	4.8 MEDIUM	3.5 LOW
A cross-site scripting (XSS) vulnerability in Totaljs all versions before commit 95f54a5commit, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page.
CVE-2020-9381 ↗	Feb 24, 2020Monday, 24 February 2020, 22:15	7.5 HIGH	5 MEDIUM
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
CVE-2019-10260 ↗	Mar 28, 2019Thursday, 28 March 2019, 17:29	—	4.3 MEDIUM
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).