Total.js Cms@12.0.0 Security Vulnerabilities and Issues — Total.js Cms@12.0.0 CVE List

Lucene search

TotaljsTotal.js Cms12.0.0

5 matches found

CVE•added 2019/09/05 7:16 p.m.•117 views

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of ev...

9.9CVSS8.7AI score0.58874EPSS

CVE•added 2019/09/05 7:16 p.m.•83 views

CVE-2019-15955

An issue was discovered in Total.js CMS 12.0.0. A low privilege user can perform a simple transformation of a cookie to obtain the random values inside it. If an attacker can discover a session cookie owned by an admin, then it is possible to brute force it with O(n)=2n instead of O(n)=n^x complexi...

6.5CVSS6.4AI score0.00134EPSS

CVE•added 2019/09/05 7:16 p.m.•82 views

CVE-2019-15953

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with limited privileges can get access to a resource that they do not own by calling the associated API. The product correctly manages privileges only for the front-end resource path, not for API requests. This leads to vertical ...

8.8CVSS8.5AI score0.00743EPSS

CVE•added 2019/09/05 7:16 p.m.•77 views

CVE-2019-15952

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the Pages privilege can conduct a path traversal attack (../) to include .html files that are outside the permitted directory. Also, if a page contains a template directive, then the directive will be server side processed. ...

8.8CVSS8.8AI score0.07942EPSS

CVE•added 2019/03/28 5:29 p.m.•39 views

CVE-2019-10260

Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format).

6.1CVSS5.9AI score0.0024EPSS