CVE-2019-15954

Published: 05 Sep 2019
Source: nvd
CVSS3: 9.9
CVSS2: 9
EPSS: Medium

Description

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript code that will be evaluated server side. In the process of evaluating the tag by the back-end, it is possible to escape the sandbox object by using the following payload:

Vulnerable configurations

Configuration 1
cpe:2.3:a:totaljs:total.js_cms:12.0.0:*:*:*:*:*:*:*

EPSS

Percentile: 98%
Score: 0.56909 (Medium)

CVSS3: 9.9 Critical
CVSS2: 9 Critical

Weaknesses

CWE-862

Related vulnerabilities

CVSS3: 9.9
github
more than 3 years ago

Total.js CMS RCE Vulnerability