Peter Širka

5 exploits, active since Mar 2019
CVE-2019-10260 MEDIUM WRITEUP
Totaljs Total.js Cms < 3.3.0-13 - XSS
Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).
CVSS 6.1
CVE-2020-9381 HIGH WRITEUP
Totaljs Total.js Cms - Incorrect Authorization
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954.
CVSS 7.5
CVE-2021-23389 CRITICAL WRITEUP
Totaljs Total.js < 3.4.9 - Code Injection
The package total.js before 3.4.9 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2021-23390 CRITICAL WRITEUP
Totaljs Total4 < 0.0.43 - Code Injection
The package total4 before 0.0.43 is vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVSS 9.8
CVE-2021-32831 HIGH WRITEUP
Total.js < 3.4.9 - Code Injection
Total.js framework (npm package total.js) is a framework for the Node.js platform written in pure JavaScript, similar to PHP's Laravel, Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values leads to code injection. This can cause a variety of impacts that include arbitrary code execution. This is fixed in version 3.4.9.
CVSS 7.5