Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/06/05 6:44 p.m.11 views

CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting XSS vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3CVSS5.5AI score0.0023EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/05 12:0 a.m.7 views

HAXCMS 安全漏洞

HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS from 25.0.0 to 26.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that the haxcmsrefreshtoken cookie did not have the Secure flag set. This allowed the token to be...

8.8CVSS5.3AI score0.00183EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/29 12:26 p.m.38 views

CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...

8.7CVSS0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 10:17 p.m.10 views

UBUNTU-CVE-2026-49299

In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defined policy rules use singular names. The mismatched names evaluate as allowed under the default policy, permitting a project reader to create and update tags...

5.3CVSS5.8AI score0.00295EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/04/18 12:0 a.m.9 views

Moby 安全漏洞

Moby is an open source project designed to drive containerization of software and help the ecosystem mainstream container technology. A security vulnerability exists in Moby versions 26.0.0 and 26.0.1 that stems from a vulnerability that allows an attacker to enable IPv6 on an IPv4-only network...

6.5CVSS4.7AI score0.00353EPSS
Exploits0References4
Rows per page
Query Builder