module
Total.js CMS 12 Widget JavaScript Code Injection
| Disclosed |
|---|
| 2019-08-30 |
Disclosed
2019-08-30
Description
This module exploits a vulnerability in Total.js CMS. The issue is that a user with
admin permission can embed a malicious JavaScript payload in a widget, which is
evaluated server side, and gain remote code execution.
admin permission can embed a malicious JavaScript payload in a widget, which is
evaluated server side, and gain remote code execution.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.