{"id":"CVE-2022-30013","details":"A stored cross-site scripting (XSS) vulnerability in the upload function of totaljs CMS 3.4.5 allows attackers to execute arbitrary web scripts via a JavaScript embedded PDF file.","modified":"2026-07-08T06:03:53.930189372Z","published":"2022-05-16T13:29:33Z","database_specific":{"cna_assigner":"mitre","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30013.json"},"references":[{"type":"WEB","url":"https://www.youtube.com/watch?v=E2784z7Bu2c"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/30xxx/CVE-2022-30013.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-30013"},{"type":"PACKAGE","url":"https://github.com/totaljs/framework"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/totaljs/framework","events":[{"introduced":"654228ebeea9938a125a5500b5b817c96d0e6058"},{"last_affected":"654228ebeea9938a125a5500b5b817c96d0e6058"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:totaljs:total.js:3.4.5:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"3.4.5"},{"last_affected":"3.4.5"}]}}],"versions":["3.4.5","v3.4.5"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-30013.json"}}],"schema_version":"1.7.5"}