4 matches found
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
CVE-2020-9381
controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954...
CVE-2020-9381
Summary of findings (Total.js CMS): CVE-2020-9381 and related CVEs affect Total.js CMS (notably version 13) with remote code execution via a POST to /admin/api/widgets/ on controllers/admin.js. The root cause is a widget handling path that can evaluate malicious JavaScript payloads, enabling an a...