What is CVE-2019-15954?

CVE-2019-15954 is a vulnerability in N/a. Published 2019-09-05.

Is CVE-2019-15954 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-15954

An issue was discovered in Total.js CMS 12.0.0. An authenticated user with the widgets privilege can gain achieve Remote Command Execution (RCE) on the remote server by creating a malicious widget with a special tag containing JavaScript c…

EPSS: 0.569 (98.2th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework

References

github.com/beerpwn/CVE/blob/master/Totaljs_disclosure_report/report_final.pdf (x_refsource_MISC)
seclists.org/fulldisclosure/2019/Sep/5 (x_refsource_MISC)
packetstormsecurity.com/files/154924/Total.js-CMS-12-Widget-JavaScript-Code-Inj… (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-15954?: CVE-2019-15954 is a vulnerability in N/a. Published 2019-09-05.
Is CVE-2019-15954 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.