CVE-2026-46396

CVE-2026-46396

HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` elements. The application allows `javascri…

Vulnerability class: XSS (Cross-Site Scripting)

Weakness classification (CWE)

References