Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

npm

@haxtheweb/haxcms-nodejs

npm

HAXcms single and multisite nodejs server, api, and administration

View on github.com · View on npmjs.org

Security Advisories for @haxtheweb/haxcms-nodejs in npm

High
about 17 hours ago

HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint GSA_kwCzR0hTQS1nMmc4LTk1cWctdjM1aM4ABXuO

npm @haxtheweb/haxcms-nodejs
Moderate
10 days ago

HAX CMS: Denial of Service using Malicious Import Request GSA_kwCzR0hTQS05cjMzLXhodzgtNHFxcM4ABXHm

npm @haxtheweb/haxcms-nodejs
High
11 days ago

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack GSA_kwCzR0hTQS14M3g1LTdoNGgtZ3d4Z84ABXFj

npm @haxtheweb/haxcms-nodejs
High
11 days ago

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover GSA_kwCzR0hTQS1qaDNoLXJweGctZnIzNs4ABXFi

npm @haxtheweb/iframe-loader, @haxtheweb/video-player, @haxtheweb/haxcms-nodejs
Critical
11 days ago

HAXcms: Private Key Disclosure via Broken HMAC Implementation GSA_kwCzR0hTQS02YzhnLTloZmgtcHE1aM4ABXFh

npm @haxtheweb/haxcms-nodejs
Moderate
11 days ago

HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft GSA_kwCzR0hTQS0ybTZwLWhtM3ctNmptM84ABXFf

npm @haxtheweb/video-player, @haxtheweb/haxcms-nodejs
High
11 days ago

HAXcms createSite SSRF Enables Arbitrary File Read GSA_kwCzR0hTQS1xODYyLWdjZ3EtNW02Z84ABXFe

npm @haxtheweb/haxcms-nodejs
High
5 months ago

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover GSA_kwCzR0hTQS0zZm0yLXhmcTctNzc3OM4ABQ9g

npm @haxtheweb/haxcms-nodejs
High
10 months ago

HAX CMS API Lacks Authorization Checks GSA_kwCzR0hTQS05anI5LThmZjMtbTg5NM4ABKiL

packagist, npm elmsln/haxcms, @haxtheweb/haxcms-nodejs
Moderate
10 months ago

HAX CMS application pages vulnerable to clickjacking GSA_kwCzR0hTQS01NHZ3LWY0eGYtZjkyas4ABKWO

packagist, npm elmsln/haxcms, @haxtheweb/haxcms-nodejs
High
10 months ago

NodeJS version of the HAX CMS application is distributed with Default Secrets GSA_kwCzR0hTQS01ZnB2LTVxdmgtN2NmM84ABKWM

npm @haxtheweb/haxcms-nodejs
High
10 months ago

HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service GSA_kwCzR0hTQS1wamozLWo1ajYtcWoyN84ABKWL

npm @haxtheweb/haxcms-nodejs
High
10 months ago

NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting GSA_kwCzR0hTQS01OWc4LWg1OWYtOGhqcM4ABKWK

npm @haxtheweb/haxcms-nodejs
Critical
10 months ago

NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access GSA_kwCzR0hTQS1mMzhmLWp2cWotbWZnNs4ABKWJ

npm @haxtheweb/haxcms-nodejs
High
12 months ago

HaxCMS-PHP Command Injection Vulnerability GSA_kwCzR0hTQS1nNGNmLXBwNHgtaHFnd84ABIzw

npm @haxtheweb/haxcms-nodejs
Moderate
12 months ago

@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability GSA_kwCzR0hTQS12M3BoLTJxNXEtY2c4OM4ABIzu

npm @haxtheweb/haxcms-nodejs

Filter by Severity

High 10 Moderate 4 Critical 2