Haxtheweb Issues
15 CVEs affecting Haxtheweb Issues. Latest disclosed: 2026-01-10. Critical: 1, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-32028 | Critical | 10.0 | 2025-04-08 | HAX CMS PHP allows you to manage your microsite universe with PHP backend. Multiple file upload functions within the HAX CMS PHP application call a ’save’ func… |
| CVE-2025-49141 | High | 8.6 | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string… |
| CVE-2025-49137 | High | 8.5 | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user in… |
| CVE-2025-54378 | High | 8.3 | 2025-07-26 | HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below… |
| CVE-2026-22704 | High | 8.1 | 2026-01-10 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead… |
| CVE-2025-54137 | High | 7.3 | 2025-07-22 | HAX CMS NodeJS allows users to manage their microsite universe with a NodeJS backend. Versions 11.0.9 and below were distributed with hardcoded default credent… |
| CVE-2025-49138 | Medium | 6.5 | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerabil… |
| CVE-2025-49139 | Medium | 5.3 | 2025-06-09 | HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website blo… |
| CVE-2025-48996 | Medium | 5.3 | 2025-06-02 | HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerabili… |
| CVE-2025-53642 | Medium | 4.8 | 2025-07-11 | haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Ad… |
| CVE-2025-54139 | Medium | 4.3 | 2025-07-22 | HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11… |
| CVE-2025-54129 | Medium | 4.3 | 2025-07-21 | HAXiam is a packaging wrapper for HAXcms which allows anyone to spawn their own microsite management platform. In versions 11.0.4 and below, the application re… |
| CVE-2025-54134 | | | 2025-07-21 | HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when… |
| CVE-2025-54128 | | | 2025-07-21 | HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disable… |
| CVE-2025-54127 | | | 2025-07-21 | HAXcms with nodejs backend allows users to start the server in any HAXsite or HAXcms instance. In versions 11.0.6 and below, the NodeJS version of HAXcms uses… |