Totvs Fluig vulnerabilities
2 known vulnerabilities affecting totvs/fluig.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2020-29134P2HIGHCVSS 8.6v1.6.4v1.6.5+1 more2021-03-05
CVE-2020-29134 [HIGH] CWE-22 CVE-2020-29134: The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64
The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4
nvd
CVE-2023-6275P3MEDIUMCVSS 6.1PoC≥ 1.6.0, < 1.8.12023-11-24
CVE-2023-6275 [MEDIUM] CWE-79 CVE-2023-6275: A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as prob
A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input ">alert(document.domain) leads to cross site scripting. The
nvd