Search for packages
| purl | pkg:npm/total4@0.0.43 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7qf3-hpdt-y3bu
Aliases: CVE-2023-30094 GHSA-jj45-24rw-v6jw |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-mxj2-rfkq-sqe1 | Code Injection The package total4 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions. |
CVE-2021-23390
GHSA-g7mq-rfj2-25wq |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T03:44:19.240219+00:00 | GitLab Importer | Affected by | VCID-7qf3-hpdt-y3bu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total4/CVE-2023-30094.yml | 38.6.0 |
| 2026-06-05T21:16:15.396911+00:00 | GHSA Importer | Fixing | VCID-mxj2-rfkq-sqe1 | https://github.com/advisories/GHSA-g7mq-rfj2-25wq | 38.6.0 |
| 2026-06-04T17:28:34.267898+00:00 | GithubOSV Importer | Fixing | VCID-mxj2-rfkq-sqe1 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-g7mq-rfj2-25wq/GHSA-g7mq-rfj2-25wq.json | 38.6.0 |
| 2026-06-02T04:39:28.420277+00:00 | GitLab Importer | Fixing | VCID-mxj2-rfkq-sqe1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/total4/CVE-2021-23390.yml | 38.6.0 |