9 matches found
Improper Authorization
Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Improper Authorization in the API endpoints, which do not verify user permissions before performing operations. An attacker can gain unauthorized access to resources or perform actions...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...
CVE-2025-54127
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
CVE-2025-54127 HAXcms's Insecure Default Configuration Leads to Unauthenticated Access
HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authenticati...
HAXcms with nodejs backend 安全漏洞
HAXcms with nodejs backend is an open source backend management system from HAX The Web. A security vulnerability exists in HAXcms with nodejs backend version 11.0.6 and earlier, which stems from disabling JWT checking in the default configuration, which could lead to authentication bypass...
HAXcms with nodejs backend 代码问题漏洞
HAXcms with nodejs backend is an open source backend management system from HAX The Web. A code issue vulnerability exists in HAXcms with nodejs backend that stems from improper session termination, which could lead to unauthorized access...
H5P-Nodejs-library 安全漏洞
H5P-Nodejs-library is a collection of server-side and client-side packages open-sourced by Lumi that can be used to use h5p in nodejs backends. A security vulnerability exists in H5P-Nodejs-library versions prior to 9.3.3, which stems from not calling sanitizeHtml on a plain text string...