95 matches found
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...
CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...
EUVD-2026-33286
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...
CVE-2026-48527
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting XSS vulnerability in the /system/api/saveNode endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by...
HAX CMS: Denial of Service using Malicious Import Request
Summary The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details The...
GHSA-9R33-XHW8-4QQP HAX CMS: Denial of Service using Malicious Import Request
Summary The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details The...
Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover
Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...
GHSA-JH3H-RPXG-FR36 Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover
Summary A stored cross-site scripting XSS vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...
PT-2026-41977
Name of the Vulnerable Software and Affected Versions HAX CMS versions prior to 26.0.0 Description A stored cross-site scripting XSS issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...
CVE-2026-22704
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...
CVE-2026-22704
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...
CVE-2026-22704 HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...
CVE-2026-22704
HAX CMS (HAX) has a stored XSS vulnerability affecting versions 11.0.6 up to, but not including, 25.0.0. The issue can lead to account takeover by injecting malicious HTML/JavaScript via uploaded content, with the Red Hat/ENISAOSV/NVD entries and Snyk advisory corroborating the stored XSS path an...
CVE-2026-22704 haxcms-php 11.0.6 Stored XSS Leading to Account Takeover
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...
EUVD-2025-17562
Malicious code in bioql PyPI...
EUVD-2025-17561
Malicious code in bioql PyPI...
EUVD-2025-17563
Malicious code in bioql PyPI...
EUVD-2025-17578
Malicious code in bioql PyPI...
EUVD-2025-10386
Malicious code in bioql PyPI...
EUVD-2025-22265
Malicious code in bioql PyPI...