Vulnerability Database
296,621
Total vulnerabilities in the database
CVE-2023-30094
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.
| Software | From | Fixed in |
|---|---|---|
total4
|
- | 0.0.81 |
| totaljs / flow | 10.0 | 10.0.x |
- https://github.com/totaljs/flow/issues/100
- https://github.com/totaljs/framework4/commit/e2cea690c3fe4453e94da896a69f832511f65179
- https://www.edoardoottavianelli.it/CVE-2023-30094
- https://www.edoardoottavianelli.it/CVE-2023-30094/
- https://www.youtube.com/watch?v=8VbTm2sIdBE
- https://www.youtube.com/watch?v=vOb9Fyg3iVo
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime