CVE-2025-11019

Summary

A vulnerability has been found in Total.js CMS up to 19.9.0. This impacts an unknown function of the component Files Menu. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Affected Software

VendorProductVersion RangeStatus
Total.jsCMS19.0affected
Total.jsCMS19.1affected
Total.jsCMS19.2affected
Total.jsCMS19.3affected
Total.jsCMS19.4affected
Total.jsCMS19.5affected
Total.jsCMS19.6affected
Total.jsCMS19.7affected
Total.jsCMS19.8affected
Total.jsCMS19.9.0affected

Weaknesses

  • CWE-79: Cross Site Scripting
  • CWE-94: Code Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References