CVE-2026-22704

High CVSS: 8.0

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.

Vendor

Psu

Product

Haxcms-nodejs

CWE

CWE-79

Yayın Tarihi

2026-01-10 07:16:03

Güncelleme

2026-02-05 20:59:55

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-79 Haxcms-nodejs HIGH Psu 2026

Referanslar

https://github.com/haxtheweb/haxcms-nodejs/commit/317a8ae29f88be389f7cfeffaef416957122d97e https://github.com/haxtheweb/haxcms-nodejs/releases/tag/v25.0.0 https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778

Benzer Kayıtlar

High

CVE-2025-54378

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcm…

Medium

CVE-2025-54139

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12…

High

CVE-2025-54137

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were dis…

Critical

CVE-2025-54127

HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and be…

High

CVE-2025-54128

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the…

Medium

CVE-2025-54129

HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versio…