CVE-2019-15953
Total.js CMS 12.0.0 is affected by CVE-2019-15953. An authenticated user with limited privileges can access resources they do not own via API requests, because privileges are enforced for front-end paths but not for the API. This enables vertical and horizontal privilege escalation. The connected...