Psu

Haxcms-php

8 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.

Exploit
  • EPSS 0.06%
  • Published 26.07.2025 03:27:34
  • Last modified 21.08.2025 20:54:52

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a re...

Exploit
  • EPSS 0.07%
  • Published 22.07.2025 23:24:13
  • Last modified 22.08.2025 15:19:58

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent ...

  • EPSS 0.03%
  • Published 11.07.2025 17:33:05
  • Last modified 22.08.2025 16:52:08

haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is ...

Exploit
  • EPSS 0.12%
  • Published 09.06.2025 21:15:47
  • Last modified 30.07.2025 17:35:54

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files...

Exploit
  • EPSS 0.08%
  • Published 09.06.2025 21:15:47
  • Last modified 30.07.2025 17:35:58

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL i...

Exploit
  • EPSS 0.89%
  • Published 09.06.2025 21:15:47
  • Last modified 30.07.2025 17:36:08

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function lat...

Exploit
  • EPSS 0.09%
  • Published 09.06.2025 21:00:15
  • Last modified 30.07.2025 17:36:14

HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManif...

Exploit
  • EPSS 0.62%
  • Published 08.04.2025 16:06:33
  • Last modified 30.07.2025 17:36:18

HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a 'save' function in 'HAXCMSFile.php'. This save function uses a denylist to block specific file types f...