Haxcms-nodejs Security Vulnerabilities and Issues — Haxcms-nodejs CVE List

Lucene search

PsuHaxcms-nodejs

3 matches found

CVE•added 2025/06/09 9:15 p.m.•49 views

CVE-2025-49141

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the gitImportSite functionality obtains a URL string from a POST request and insufficiently validates user input. The set_remote function later passes this input into proc_open, yielding OS comm...

8.8CVSS9AI score0.00576EPSS

CVE•added 2025/06/09 9:15 p.m.•42 views

CVE-2025-49137

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in th...

8.5CVSS8.4AI score0.00048EPSS

CVE•added 2025/07/26 4:16 a.m.•9 views

CVE-2025-54378

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP versions of the CMS d...

8.3CVSS6.1AI score0.00039EPSS