8 matches found
EUVD-2020-30202
Malware in sbrugna...
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
Design/Logic Flaw
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
Total.js CMS 12 - Widget JavaScript Code Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...
CVE-2019-15954
creationtimestamp| type| source ---|---|--- 2019-10-21 20:43:35+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/totaljscmswidgetexec.rb 2019-10-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47531 2025-02-06 03:13:44+00:00|...
Total.js CMS 12 Widget JavaScript Code Injection
This module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution. This module requires Metasploit: https://metasploit.com/download Current sourc...
CVE-2019-15954
An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...
CVE-2019-15954
Total.js CMS 12.0.0 is affected by an authenticated-user widget privilege vulnerability that enables Remote Command Execution (RCE) when a malicious widget uses a crafted tag containing JavaScript evaluated server-side. The back-end tag evaluation can be forced to escape the sandbox via payload l...