Flow
by Totaljs
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-50881 | Hig | 0.57 | 8.8 | 0.01 | Mar 16, 2026 | The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates… | ||
| CVE-2025-11655 | Med | 0.31 | 4.7 | 0.00 | Oct 13, 2025 | A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The… | ||
| CVE-2025-20972 | 0.00 | — | 0.00 | May 7, 2025 | Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration. | |||
| CVE-2025-20971 | 0.00 | — | 0.00 | May 7, 2025 | Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow. | |||
| CVE-2023-30094 | 0.00 | — | 0.01 | May 4, 2023 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. |
- risk 0.57cvss 8.8epss 0.01
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates…
- risk 0.31cvss 4.7epss 0.00
A security flaw has been discovered in Total.js Flow up to 673ef9144dd25d4f4fd4fdfda5af27f230198924. The impacted element is an unknown function of the component SVG File Handler. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The…
- CVE-2025-20972May 7, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flow configuration.
- CVE-2025-20971May 7, 2025risk 0.00cvss —epss 0.00
Improper input validation in Samsung Flow prior to version 4.9.17.6 allows local attackers to access data within Samsung Flow.
- CVE-2023-30094May 4, 2023risk 0.00cvss —epss 0.01
A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module.