5 matches found
Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
Summary An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues e.g., HAX-3...
CVE-2025-48996
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
PT-2025-23555 · Hax · Hax Cms +1
Name of the Vulnerable Software and Affected Versions: HAX open-apis versions up to and including 10.0.2 Description: An unauthenticated information disclosure issue exists in the HAX content management system via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrie...