📦 Haxcms Nodejs

HAX CMS versions 11.0.6 through 24.x are vulnerable to stored cross-site scripting (XSS), allowing attackers to inject malicious scripts that persist in the CMS. When executed, these scripts could lea...

CVE-2025-49141 is an OS command injection vulnerability in HAX CMS PHP's gitImportSite functionality. Authenticated attackers can execute arbitrary commands on the backend server by crafting malicious...

HAX CMS versions 11.0.12 and below (NodeJS) and 11.0.7 and below (PHP) lack X-Frame-Options headers, allowing attackers to embed the CMS login page and other sensitive interfaces in iframes. This enab...

HAX CMS NodeJS versions 11.0.7 and below have a disabled Content Security Policy (CSP), leaving the application vulnerable to cross-site scripting (XSS) attacks. This allows attackers to inject malici...

HAX CMS NodeJS versions 11.0.8 and below crash when authenticated attackers send API requests missing required URL parameters to listFiles and saveFiles endpoints. This denial-of-service vulnerability...

This vulnerability in HAXcms backends fails to properly terminate user sessions during logout, allowing attackers to maintain access to authenticated sessions. It affects all users of haxcms-nodejs an...