Lucene search
+L

CVE-2019-15954

🗓️ 05 Sep 2019 18:31:43Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 136 Views🌐 WEB

An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with JavaScript code

Related
Detection
Refs
Paths
Social
ReporterTitlePublishedViews
Family
0day.today
Total.js CMS 12 - Widget JavaScript Code Injection Exploit
22 Oct 201900:00
zdt
ATTACKERKB
CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution
5 Sep 201900:00
attackerkb
Circl
CVE-2019-15954
21 Oct 201920:43
circl
CNVD
Total.js CMS Command Injection Vulnerability
6 Sep 201900:00
cnvd
Cvelist
CVE-2019-15954
5 Sep 201918:31
cvelist
Exploit DB
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
22 Oct 201900:00
exploitdb
Github Security Blog
Total.js CMS RCE Vulnerability
24 May 202216:55
github
Metasploit
Total.js CMS 12 Widget JavaScript Code Injection
15 Oct 201915:11
metasploit
NVD
CVE-2019-15954
5 Sep 201919:16
nvd
OSV
CVE-2019-15954
5 Sep 201919:16
osv
Rows per page
NVD
Node
ParameterPositionPathDescriptionCWE
namerequest body/admin/api/widgetsWidget creation endpoint where a crafted widget body can inject JavaScript executed on the server leading to RCE in Total.js CMS 12CWE-862
categoryrequest body/admin/api/widgetsWidget creation endpoint where a crafted widget body can inject JavaScript executed on the server leading to RCE in Total.js CMS 12CWE-862
bodyrequest body/admin/api/widgetsWidget creation endpoint where a crafted widget body can inject JavaScript executed on the server leading to RCE in Total.js CMS 12CWE-862

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 02:21Current
8.7High risk
Vulners AI Score8.7
CVSS 29
CVSS 3.19.9
EPSS0.79204
136