EPSS
Percentile
21.4%
total.js is vulnerable to stored cross-site scripting. The vulnerability exists in upload function due to lack of sanitization which allows an attacker to execute arbitrary javascript via a javascript embedded PDF file.
upload
github.com/advisories/GHSA-72r3-9fpx-mq44
github.com/totaljs/framework
www.youtube.com/watch?v=E2784z7Bu2c