HIGH🇵🇱 Wersja polska

CVE-2026-22704

CVSS 8.0v3.1pub. 2026-01-10upd. 2026-02-05

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Psu Haxcms Node.js

    APP
    Psu
    11.0.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2025-54127CRITICAL9.3PL ✓ten sam produkt

HAXcms Node.js — brak uwierzytelnienia przez niebezpieczną konfigurację domyślną

CVE-2025-54378HIGH8.3ten sam produkt

HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and belo...

CVE-2025-54137HIGH7.3ten sam produkt

HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and belo...

CVE-2025-54128HIGH7.2ten sam produkt

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and b...

CVE-2025-54134HIGH7.1ten sam produkt

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and b...