Total.js CMS Files Menu cross site scripting_CVE-2025-11019

4.8 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Basic Information

ID CVE-2025-11019

Source VulDB

Published Sep 26, 2025 at 14:32

Modified Sep 26, 2025 at 15:01

Affected Product

Vendor Total.js

Product CMS

Version 19.0

Affected Versions Total.js CMS 19.0
Total.js CMS 19.1
Total.js CMS 19.2
Total.js CMS 19.3
Total.js CMS 19.4
Total.js CMS 19.5
Total.js CMS 19.6
Total.js CMS 19.7
Total.js CMS 19.8
Total.js CMS 19.9.0

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.",
    "published": "2025-09-26T14:32:07.098Z",
    "modified": "2025-09-26T15:01:48.580Z",
    "type": "cve",
    "title": "Total.js CMS Files Menu cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.325962\nhttps://vuldb.com/?ctiid.325962\nhttps://vuldb.com/?submit.651427",
    "id": "CVE-2025-11019",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "Total.js CMS 19.0\nTotal.js CMS 19.1\nTotal.js CMS 19.2\nTotal.js CMS 19.3\nTotal.js CMS 19.4\nTotal.js CMS 19.5\nTotal.js CMS 19.6\nTotal.js CMS 19.7\nTotal.js CMS 19.8\nTotal.js CMS 19.9.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "CMS",
    "version": "19.0",
    "vendor": "Total.js",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}