npm

@haxtheweb/haxcms-nodejs

16 Total advisories
16 Vulnerabilities
0 Malware

Vulnerabilities

UNKNOWN
npm

CVE-2026-46511

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

UNKNOWN
npm

CVE-2026-46393

HAXcms createSite SSRF Enables Arbitrary File Read

UNKNOWN
npm

CVE-2026-46396

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

UNKNOWN
npm

CVE-2026-46395

HAXcms: Private Key Disclosure via Broken HMAC Implementation

MEDIUM 6.5
npm

CVE-2026-46357

HAX CMS: Denial of Service using Malicious Import Request

UNKNOWN
npm

CVE-2026-46496

HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

HIGH 8.7
npm

CVE-2026-48527

HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint

HIGH 8.0
npm

CVE-2026-22704

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

HIGH 8.3
npm

CVE-2025-54378

HAX CMS API Lacks Authorization Checks

MEDIUM 4.3
npm

CVE-2025-54139

HAX CMS application pages vulnerable to clickjacking

HIGH 7.3
npm

CVE-2025-54137

NodeJS version of the HAX CMS application is distributed with Default Secrets

UNKNOWN
npm

CVE-2025-54134

HAX CMS NodeJS Application Has Improper Error Handling That Leads to Denial of Service

UNKNOWN
npm

CVE-2025-54128

NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting

UNKNOWN
npm

CVE-2025-54127

NodeJS version of HAX CMS Has Insecure Default Configuration That Leads to Unauthenticated Access

HIGH 8.5
npm

CVE-2025-49141

HaxCMS-PHP Command Injection Vulnerability

MEDIUM 5.3
npm

CVE-2025-49139

@haxtheweb/haxcms-nodejs Iframe Phishing vulnerability
