
5 matches found

NVD
added 2026/06/05 7:16 p.m., 11 views

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3 CVSS, 0.0023 EPSS
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/05 6:44 p.m., 6 views

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3 CVSS, 5.5 AI score, 0.0023 EPSS
Exploits: 0, References: 2, Affected Software: 3

Cvelist
added 2026/06/05 6:44 p.m., 29 views

CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3 CVSS, 0.0023 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/06/05 6:44 p.m., 11 views

CVE-2026-46396 HAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeover

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of elements. The application allows javascript: URIs in the src attribute, which are executed when a malicious page ...

9.3 CVSS, 5.5 AI score, 0.0023 EPSS
Exploits: 0, References: 1

Snyk
added 2026/05/19 2:46 p.m., 10 views

Cross-site Scripting (XSS)

Overview: @haxtheweb/iframe-loader adds a loading indicator for iframes. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper sanitization of elements that allow javascript: URIs in the src attribute. An attacker can execute arbitrary JavaScript in the...

9.3 CVSS, 5.8 AI score, 0.0023 EPSS
Exploits: 0, References: 2