CVE-2025-54378
- EPSS 0.06%
- Veröffentlicht 26.07.2025 03:27:34
- Zuletzt bearbeitet 21.08.2025 20:54:52
HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a re...
CVE-2025-54139
- EPSS 0.07%
- Veröffentlicht 22.07.2025 23:24:13
- Zuletzt bearbeitet 22.08.2025 15:19:58
HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent ...
CVE-2025-53642
- EPSS 0.03%
- Veröffentlicht 11.07.2025 17:33:05
- Zuletzt bearbeitet 22.08.2025 16:52:08
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is ...