← volver
CVE-2026-22704

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

CVSS 8.1 HIGHEPSS 1.0%CWE-79
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Productos afectados
haxtheweb · issues
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/52526no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/haxtheweb/haxcms-nodejs/commit/317a8ae29f88be389f7cfeffaef416957122d97ehttps://github.com/haxtheweb/haxcms-nodejs/releases/tag/v25.0.0https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778