Lucene search
K

8 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-30202

Malware in sbrugna...

7.5CVSS7.5AI score0.02114EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 p.m.11 views

CVE-2020-9381

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

9.9CVSS7.7AI score0.79204EPSS
Exploits6References1
Prion
Prion
added 2020/02/24 10:15 p.m.16 views

Design/Logic Flaw

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...

5CVSS8.8AI score0.79204EPSS
Exploits6References2Affected Software1
0day.today
0day.today
added 2019/10/22 12:0 a.m.83 views

Total.js CMS 12 - Widget JavaScript Code Injection Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...

9.9CVSS0.2AI score0.79204EPSS
Exploits5
Circl
Circl
added 2019/10/21 8:43 p.m.48 views

CVE-2019-15954

creationtimestamp| type| source ---|---|--- 2019-10-21 20:43:35+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/totaljscmswidgetexec.rb 2019-10-22 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/47531 2025-02-06 03:13:44+00:00|...

9.9CVSS8.3AI score0.79204EPSS
Exploits5References2
Metasploit
Metasploit
added 2019/10/15 3:11 p.m.39 views

Total.js CMS 12 Widget JavaScript Code Injection

This module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution. This module requires Metasploit: https://metasploit.com/download Current sourc...

9.9CVSS7.3AI score0.79204EPSS
Exploits5
OSV
OSV
added 2019/09/05 7:16 p.m.4 views

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution RCE on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of...

9.9CVSS7.2AI score0.79204EPSS
Exploits5References3
CVE
CVE
added 2019/09/05 6:31 p.m.136 views

CVE-2019-15954

Total.js CMS 12.0.0 is affected by an authenticated-user widget privilege vulnerability that enables Remote Command Execution (RCE) when a malicious widget uses a crafted tag containing JavaScript evaluated server-side. The back-end tag evaluation can be forced to escape the sandbox via payload l...

9.9CVSS8.7AI score0.79204EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder