Total.js CMS 12 Widget JavaScript Code Injection
Posted by deepcore on October 22, 2019 – 10:31 am
This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.
Post a reply
You must be logged in to post a comment.