Every CVE whose affected-product data names Totaljs Total.js Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2019-15954 — CVSS 9.9 (critical): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution…
CVE-2019-15952 — CVSS 8.8 (high): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to…
CVE-2019-15953 — CVSS 8.8 (high): An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not…
CVE-2020-9381 — CVSS 7.5 (high): controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This…
CVE-2019-15955 — CVSS 6.5 (medium): An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random…
CVE-2019-10260 — CVSS 6.1 (medium): Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).