3 matches found
CVE-2025-54128
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy CSP. This configuration is insecure for a production application because it does not protect against...
GHSA-F38F-JVQJ-MFG6 NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...
NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access
Summary The NodeJS version of HAX CMS uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication checks. Details If a user were to deploy haxcms-nodejs without modifying the default settings,...