Clickjacking
@haxtheweb/haxcms-nodejs and elmsln/haxcms are vulnerable to Clickjacking. The vulnerability is due to missing anti-framing headers caused by the absence of X-Frame-Options or equivalent headers in both the CMS and generated sites, allowing unauthenticated attackers to embed sensitive pages in...