A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.
References
Link | Resource |
---|---|
https://www.youtube.com/watch?v=E2784z7Bu2c | Exploit Third Party Advisory |
https://github.com/totaljs/framework | Product Third Party Advisory |
Configurations
Information
Published : 2022-05-16 07:15
Updated : 2022-05-24 13:15
NVD link : CVE-2022-30013
Mitre link : CVE-2022-30013
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
totaljs
- total.js