Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package total4, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2019-15954 — CVSS 9.9 (critical): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution…
CVE-2021-23390 — CVSS 9.8 (critical): The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.
CVE-2019-15952 — CVSS 8.8 (high): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to…
CVE-2019-15953 — CVSS 8.8 (high): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not…
CVE-2023-30094 — CVSS 5.4 (medium): A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a…