Peter Širka

8 exploits Active since Feb 2019
CVE-2019-10260 WRITEUP MEDIUM WRITEUP
Total.js CMS 12.0.0 - Stored Cross-Site Scripting in Admin Theme Message and Column Format
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
CVSS 6.1
CVE-2019-8903 WRITEUP HIGH WRITEUP
Total.js prior to 3.2.4 Directory Traversal
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVSS 7.5
CVE-2019-8903 WRITEUP HIGH WRITEUP
Total.js prior to 3.2.4 Directory Traversal
index.js in Total.js Platform before 3.2.3 allows path traversal.
CVSS 7.5
CVE-2019-10260 WRITEUP MEDIUM WRITEUP
Total.js CMS 12.0.0 - Stored Cross-Site Scripting in Admin Theme Message and Column Format
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
CVSS 6.1
CVE-2020-9381 WRITEUP HIGH WRITEUP
Total.js CMS 13 - Unauthenticated Remote Code Execution via Admin Widgets API
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
CVSS 7.5
CVE-2021-23389 WRITEUP CRITICAL WRITEUP
total.js < 3.4.9 - Remote Code Execution via U.set() and U.get() Functions
The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2021-23390 WRITEUP CRITICAL WRITEUP
total4 < 0.0.43 - Remote Code Execution via U.set() and U.get() Functions
The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2021-32831 WRITEUP HIGH WRITEUP
total.js < 3.4.9 - Remote Code Execution via utils.set Function
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code-injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
CVSS 7.5