95 matches found

NVD
added 2026/05/29 1:16 p.m., 8 views

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...

CVSS 8.7, EPSS 0.00033
Exploits: 0, References: 1

Vulnrichment
added 2026/05/29 12:26 p.m., 7 views

CVE-2026-48527 HaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpoint

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...

CVSS 8.7, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 1

EUVD
added 2026/05/29 12:26 p.m., 10 views

EUVD-2026-33286

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...

CVSS 8.7, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/29 12:26 p.m., 7 views

CVE-2026-48527

HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the /system/api/saveNode endpoint. An authenticated user with permission to edit pages can bypass the HTML sanitizer by...

CVSS 8.7, AI score 5.6, EPSS 0.00033
Exploits: 0, References: 2, Affected Software: 2

Github Security Blog
added 2026/05/19 7:51 p.m., 8 views

HAX CMS: Denial of Service using Malicious Import Request

Summary: The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details: The...

CVSS 6.5, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2026/05/19 7:51 p.m., 3 views

GHSA-9R33-XHW8-4QQP HAX CMS: Denial of Service using Malicious Import Request

Summary: The HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire application offline, requiring a manual server restart to restore service. Details: The...

CVSS 6.5, AI score 5.8, EPSS 0.00059
Exploits: 0, References: 3

Github Security Blog
added 2026/05/19 2:46 p.m., 8 views

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Summary: A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...

CVSS 9.3, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 3, Affected Software: 3

OSV
added 2026/05/19 2:46 p.m., 2 views

GHSA-JH3H-RPXG-FR36 Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Summary: A stored cross-site scripting (XSS) vulnerability exists in HAX CMS due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page is viewed. This enables attackers to execute arbitrary JavaScript in the conte...

CVSS 8.6, AI score 5.9, EPSS 0.00047
Exploits: 0, References: 3

Positive Technologies
added 2026/05/19 12:00 a.m., 16 views

PT-2026-41977

Name of the Vulnerable Software and Affected Versions: HAX CMS versions prior to 26.0.0. Description: A stored cross-site scripting (XSS) issue exists due to improper sanitization of elements. The application permits the use of javascript: URIs within the src attribute, which execute when a malicious...

CVSS 9.3, AI score 5.4, EPSS 0.00047
Exploits: 0, References: 5

RedhatCVE
added 2026/01/13 10:52 p.m., 2 views

CVE-2026-22704

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVSS 8, AI score 6.8, EPSS 0.00037
Exploits: 3, References: 1

NVD
added 2026/01/10 7:16 a.m., 2 views

CVE-2026-22704

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVSS 8, EPSS 0.00037
Exploits: 3, References: 3

Cvelist
added 2026/01/10 6:22 a.m., 21 views

CVE-2026-22704 HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVSS 8, EPSS 0.00037
Exploits: 3, References: 3

CVE
added 2026/01/10 6:22 a.m., 17 views

CVE-2026-22704

HAX CMS (HAX) has a stored XSS vulnerability affecting versions 11.0.6 up to, but not including, 25.0.0. The issue can lead to account takeover by injecting malicious HTML/JavaScript via uploaded content, with the Red Hat/ENISAOSV/NVD entries and Snyk advisory corroborating the stored XSS path an...

CVSS 8, AI score 6.4, EPSS 0.00037
Exploits: 3, References: 3, Affected Software: 1

Vulnrichment
added 2026/01/10 6:22 a.m., 2 views

CVE-2026-22704 haxcms-php 11.0.6 Stored XSS Leading to Account Takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0...

CVSS 8, AI score 6.3, EPSS 0.00037
Exploits: 3, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-17562

Malicious code in bioql PyPI...

CVSS 8.5, AI score 6.3, EPSS 0.00276
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-17561

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00387
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-17563

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.3, EPSS 0.00269
Exploits: 1, References: 4

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-17578

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.3, EPSS 0.04034
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-10386

Malicious code in bioql PyPI...

CVSS 9.9, AI score 6.5, EPSS 0.00246
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2025-22265

Malicious code in bioql PyPI...

CVSS 7.2, AI score 6.4, EPSS 0.00167
Exploits: 0, References: 3