Affected versions of this package are vulnerable to Directory Traversal.
An authenticated user with the
Pages privilege can conduct a path traversal attack
(../) to include
.html files that are outside the permitted directory.
total.js to version 3.4.0 or higher.