Lucene search

K
PsuHaxcms-nodejs

6 matches found

CVE
CVE
β€’added 2025/06/09 9:15 p.m.β€’48 views

CVE-2025-49141

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The set_remote function later passes this input into proc_open, yielding OS comm...

8.8CVSS9AI score0.00499EPSS
CVE
CVE
β€’added 2025/06/09 9:15 p.m.β€’44 views

CVE-2025-49139

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited...

6.5CVSS5.1AI score0.00048EPSS
CVE
CVE
β€’added 2025/06/09 9:15 p.m.β€’42 views

CVE-2025-49137

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in th...

8.5CVSS8.4AI score0.00041EPSS
CVE
CVE
β€’added 2025/07/21 9:15 p.m.β€’15 views

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses an insecure default configuration designed for local development. The default configuration does not perform authorization or authentication...

9.8CVSS6.5AI score0.00063EPSS
CVE
CVE
β€’added 2025/07/21 9:15 p.m.β€’7 views

CVE-2025-54128

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-...

7.2CVSS6.4AI score0.00031EPSS
CVE
CVE
β€’added 2025/07/21 9:15 p.m.β€’7 views

CVE-2025-54134

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles e...

7.1CVSS6.2AI score0.00071EPSS