CVE-2022-41392

Name of the Vulnerable Software and Affected Versions TotalJS version 8c2c8909

Description A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website name text field under Main Settings.

Recommendations For version 8c2c8909, consider restricting access to the Main Settings section until a patch is available, and avoid using the Website name text field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.