Lucene search
K

5 matches found

Snyk
Snyk
added 2026/05/19 7:51 p.m.10 views

NULL Pointer Dereference

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to NULL Pointer Dereference when an authenticated attacker sends a specially crafted site creation request to the createSite endpoint. A single request is sufficient to take the entire...

7.1CVSS5.4AI score0.0024EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 2:47 p.m.9 views

Insecure Storage of Sensitive Information

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Insecure Storage of Sensitive Information via the connectionSettings function. An attacker can gain unauthorized access to authentication tokens and impersonate other users by injectin...

8.8CVSS5.6AI score0.00275EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 2:44 p.m.10 views

Use of a Broken or Risky Cryptographic Algorithm

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm via the hmacBase64 function. An attacker can obtain sensitive cryptographic material by sending a single unauthenticated HTTP request t...

9.8CVSS5.6AI score0.00295EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/19 2:44 p.m.10 views

Server-side Request Forgery (SSRF)

Overview @haxtheweb/haxcms-nodejs is a HAXcms nodejs backend Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the createSite function. An attacker can access internal network resources and read arbitrary files by supplying crafted URLs or file paths to the...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References2
NOZOMI
NOZOMI
added 2026/04/15 12:0 a.m.9 views

Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0

Summary A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. Impact An authenticated user with custom fields privileges can define a malicious custom field containing a JavaScript payload. When the victi...

8.9CVSS5.8AI score0.00288EPSS
Exploits0Affected Software2
Rows per page
Query Builder