Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2019-15954
HistorySep 05, 2019 - 6:31 p.m.

CVE-2019-15954

2019-09-0518:31:43
mitre
www.cve.org

8.9 High

AI Score

Confidence

High

0.354 Low

EPSS

Percentile

97.2%

JSON

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload: <script total>global.process.mainModule.require(child_process).exec(RCE);</script>

Related

zdt 1
nvd 2
prion 2
packetstorm 1
cve 2
attackerkb 1
osv 2
github 1
cvelist 1
zdt
zdt
Total.js CMS 12 - Widget JavaScript Code Injection Exploit
2019-10-22 00:00:00
nvd
nvd
CVE-2019-15954
2019-09-05 19:16:32
CVE-2020-9381
2020-02-24 22:15:12
prion
prion
Command injection
2019-09-05 19:16:00
Design/Logic Flaw
2020-02-24 22:15:00
packetstorm
packetstorm
Total.js CMS 12 Widget JavaScript Code Injection
2019-10-21 00:00:00
cve
cve
CVE-2019-15954
2019-09-05 19:16:32
CVE-2020-9381
2020-02-24 22:15:12
attackerkb
attackerkb
CVE-2019-15954: Total.js CMS 12 Widget Remote Code Execution
2019-09-05 00:00:00
osv
osv
Total.js CMS RCE Vulnerability
2022-05-24 16:55:31
CVE-2020-9381
2020-02-24 22:15:12
github
github
Total.js CMS RCE Vulnerability
2022-05-24 16:55:31
cvelist
cvelist
CVE-2020-9381
2020-02-24 21:25:54

8.9 High

AI Score

Confidence

High

0.354 Low

EPSS

Percentile

97.2%

JSON
Related for CVELIST:CVE-2019-15954
zdt1nvd2prion2packetstorm1cve2attackerkb1osv2github1cvelist1