2 matches found
CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...
HAXCMS 跨站脚本漏洞
HAXCMS is an open-source content management system developed by HAX The Web. Versions of HAXCMS prior to 26.0.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of iframe elements, which could allow attackers to execute arbitrary JavaScript in the victim...