VYPR
High severityOSV Advisory· Published Jan 10, 2026· Updated Jan 13, 2026

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

CVE-2026-22704

Description

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@haxtheweb/haxcms-nodejsnpm
>= 11.0.6, < 25.0.025.0.0

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.