
25 matches found

Exploit DB
added 2026/04/29 12:0 a.m. | 58 views

HAX CMS 24.x - Stored Cross-Site Scripting (XSS)

Exploit Title: HAX CMS 24.x - Stored Cross-Site Scripting XSS
Date: 2026-01-28
Google Dork: "N/A"
Author: Mohammed Idrees Banyamer
Author Country: Jordan
Instagram: @banyamersecurity
Vendor Homepage: https://www.drupal.org/project/hax
Software Link: https://github.com/elmsln/haxcms
Version: PoC/t...

CVSS 8 | AI score 5.2 | EPSS 0.00089
Exploits: 3

Vulnrichment
added 2026/01/10 6:22 a.m. | 1 view

CVE-2026-22704 haxcms-php 11.0.6 Stored XSS Leading to Account Takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVSS 8 | AI score 6.3 | EPSS 0.00089
Exploits: 3 | References: 2

Circl
added 2026/01/09 6:45 p.m. | 1 view

CVE-2026-22704

creationtimestamp | type | source
---|---|---
2026-01-09 18:45:17+00:00 | published-proof-of-concept | https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778
2026-01-10 07:55:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mc2juuojxi2u
2026-01-10 08:01:06+00:00 | ...

CVSS 8 | AI score 5.7 | EPSS 0.00089
Exploits: 3 | References: 5

RedhatCVE
added 2025/02/07 6:1 p.m. | 7 views

CVE-2025-22704

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS. This issue affects WordPress Signature: from n/a through <= 0.1...

CVSS 7.1 | AI score 7.2 | EPSS 0.00048
Exploits: 0 | References: 1

Circl
added 2025/02/03 3:17 p.m. | 3 views

CVE-2025-22704

creationtimestamp | type | source
---|---|---
2025-02-03 15:17:01+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhbtl6sbvo2p
2025-02-03 15:40:34+00:00 | seen | https://infosec.exchange/users/cve/statuses/113940708321242887
2025-08-26 18:36:19+00:00 | seen | ...

CVSS 7.1 | AI score 9.4 | EPSS 0.00048
Exploits: 0 | References: 2

NVD
added 2025/02/03 3:15 p.m. | 4 views

CVE-2025-22704

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS. This issue affects WordPress Signature: from n/a through <= 0.1...

CVSS 7.1 | EPSS 0.00048
Exploits: 0 | References: 1

Vulnrichment
added 2025/02/03 2:23 p.m. | 10 views

CVE-2025-22704 WordPress Signature plugin <= 0.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Abinav Thakuri WordPress Signature allows Cross Site Request Forgery. This issue affects WordPress Signature: from n/a through 0.1...

CVSS 5.4 | AI score 5.5 | EPSS 0.00048
Exploits: 0 | References: 1

CVE
added 2025/02/03 2:23 p.m. | 47 views

CVE-2025-22704

CVE-2025-22704 corresponds to a vulnerability in the WordPress Signature plugin (wordpress-signature) specifically versions

CVSS 7.1 | AI score 7.2 | EPSS 0.00048
Exploits: 0 | References: 1

Cvelist
added 2025/02/03 2:23 p.m. | 19 views

CVE-2025-22704 WordPress Signature plugin <= 0.1 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Abinav Thakuri WordPress Signature wordpress-signature allows Reflected XSS. This issue affects WordPress Signature: from n/a through <= 0.1...

CVSS 7.1 | EPSS 0.00048
Exploits: 0 | References: 1

NVD
added 2024/04/02 8:15 p.m. | 10 views

CVE-2024-30337

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

CVSS 7.8 | AI score 8.2 | EPSS 0.02223
Exploits: 0 | References: 2

Cvelist
added 2024/04/02 8:10 p.m. | 14 views

CVE-2024-30337 Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious pa...

CVSS 7.8 | AI score 8.2 | EPSS 0.02223
Exploits: 0 | References: 2

CVE
added 2024/04/02 8:10 p.m. | 77 views

CVE-2024-30337

Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution (CVE-2024-30337) affects Foxit PDF Reader; it stems from not validating the existence of an object before performing operations on AcroForm objects. An attacker can trigger code execution in the target process by convincing a user to ...

CVSS 7.8 | AI score 8.2 | EPSS 0.02223
Exploits: 0 | References: 2 | Affected Software: 2

Circl
added 2023/03/23 3:48 p.m. | 1 view

CVE-2023-22704

creationtimestamp | type | source
---|---|---
2023-03-23 15:48:38+00:00 | seen | https://t.me/cibsecurity/60559...

CVSS 7.1 | AI score 6.1 | EPSS 0.00287
Exploits: 0 | References: 1

NVD
added 2023/03/23 12:15 p.m. | 9 views

CVE-2023-22704

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions...

CVSS 7.1 | AI score 6.3 | EPSS 0.00287
Exploits: 0 | References: 1

OSV
added 2023/03/23 12:15 p.m. | 1 view

CVE-2023-22704

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions...

CVSS 6.1 | AI score 6.3 | EPSS 0.00287
Exploits: 0 | References: 1

CVE
added 2023/03/23 11:40 a.m. | 51 views

CVE-2023-22704

The CVE-2023-22704 entry concerns the teachPress WordPress plugin, affected versions ≤ 8.1.8. The underlying issue is a Reflected Cross-Site Scripting (XSS) vulnerability, caused by the plugin not sanitizing/escaping inputs (notably the tab parameter) before output. Exploitation is described as p...

CVSS 7.1 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2023/03/23 11:40 a.m. | 17 views

CVE-2023-22704 WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions...

CVSS 7.1 | AI score 6.3 | EPSS 0.00287
Exploits: 0 | References: 1

Patchstack
added 2023/01/17 12:0 a.m. | 7 views

WordPress teachPress Plugin <= 8.1.8 is vulnerable to Cross Site Scripting (XSS)

Software: teachPress
Type: Plugin
Vulnerable versions: <= 8.1.8
Fixed in: 8.1.9
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Classification: Cross Site Scripting (XSS)
CVE: CVE-2023-22704
Patch priority: Medium
CVSS severity: Medium (7.1)
Developer: Claim ownership
PSID: 8de649d41654
Credits: Nguyen Xuan Chien...

CVSS 7.1 | AI score 5.7 | EPSS 0.00287
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2022/04/22 8:51 p.m. | 25 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - zabbix-agent2 package for Alpine Linux (CVE-2022-22704)

Summary: Security Vulnerabilities affect IBM Cloud Private - zabbix-agent2 package for Alpine Linux
Vulnerability Details:
CVEID: CVE-2022-22704
DESCRIPTION: zabbix-agent2 package for Alpine Linux could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a...

CVSS 10 | AI score 0.7 | EPSS 0.00416
Exploits: 1 | Affected Software: 1

NVD
added 2022/01/06 5:15 a.m. | 13 views

CVE-2022-22704

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would in effect determine part of the configuration...

CVSS 10 | EPSS 0.00416
Exploits: 1 | References: 1