← voltar
CVE-2026-22704

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

CVSS 8.1 HIGHEPSS 1.0%CWE-79
HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Produtos afetados
haxtheweb · issues
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/52526não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/haxtheweb/haxcms-nodejs/commit/317a8ae29f88be389f7cfeffaef416957122d97ehttps://github.com/haxtheweb/haxcms-nodejs/releases/tag/v25.0.0https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778