4411 matches found
CVE-2025-54134
CVE-2025-54134 affects HAX CMS NodeJs. In versions 11.0.8 and earlier, the NodeJS backend crashes when an authenticated attacker sends API requests to the affected endpoints (listFiles and saveFiles) without required URL parameters. The issue arises from improper exception handling after changes ...
CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
CVE-2025-54134 HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles...
CVE-2025-54128
CVE-2025-54128 affects the NodeJS version of HAX CMS. In versions ≤11.0.7, CSP is disabled in the Helmet config (app.js), creating vulnerability to cross-site scripting. The issue is fixed in version 11.0.8. Affected project: HAX CMS NodeJS; root cause: explicit CSP disablement. Impact statements...
CVE-2025-54128 HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against...
CVE-2025-54128 HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against...
CVE-2025-54128 HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
@haxtheweb/create (>=0.1.3 <=11.0.2), @haxtheweb/open-apis (=11.0.2) potentially affected by CVE-2025-54137 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=10.0.6)
@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2 - @haxtheweb/open-apis =11.0.2 Source cves: CVE-2025-54137 Source advisory: OSV:GHSA-5FPV-5QVH-7CF3...
@haxtheweb/create (>=0.1.3 <=25.0.0), @haxtheweb/open-apis (>=11.0.2 <=11.0.3) potentially affected by CVE-2025-54134 via @haxtheweb/haxcms-nodejs (>=0.0.13 <=11.0.15)
@haxtheweb/haxcms-nodejs NPM version =0.0.13, =0.1.3, =11.0.2, =11.0.3 Source cves: CVE-2025-54134 Source advisory: OSV:GHSA-PJJ3-J5J6-QJ27...
GHSA-PJJ3-J5J6-QJ27 HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service
Summary The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. Details This vulnerability exists because the application does not properly handle exceptions...
HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service
Summary The HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. Details This vulnerability exists because the application does not properly handle exceptions...
GHSA-59G8-H59F-8HJP NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting
Summary The NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. Details The contentSecurityPolicy value is explicitly disabled in the application's Helme...
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting
Summary The NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. Details The contentSecurityPolicy value is explicitly disabled in the application's Helme...
GHSA-F38F-JVQJ-MFG6 NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...
PT-2025-30348 · Unknown · Haxcms-Nodejs
Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJs versions 11.0.8 and below Description: HAX CMS NodeJs, a system for managing microsite universes with a NodeJs backend, is susceptible to a crash issue. An authenticated attacker can trigger this issue by sending API requests t...
PT-2025-30345 · Unknown · Haxcms-Nodejs
Name of the Vulnerable Software and Affected Versions: HAX CMS NodeJs versions 11.0.7 and below Description: HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. The NodeJS version of HAX CMS has a disabled Content Security Policy CSP in versions 11.0.7 and below...