VYPR

Packagist (Composer) package

elmsln/haxcms

pkg:composer/elmsln/haxcms

Vulnerabilities (4)

  • CVE-2025-54378Jul 26, 2025
    affected < 11.0.14fixed 11.0.14

    HAX CMS allows you to manage your microsite universe with PHP or NodeJs backends. In versions 11.0.13 and below of haxcms-nodejs and versions 11.0.8 and below of haxcms-php, API endpoints do not perform authorization checks when interacting with a resource. Both the JS and PHP ve

  • CVE-2025-54139Jul 22, 2025
    affected < 11.0.8fixed 11.0.8

    HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading th

  • CVE-2025-49138Jun 9, 2025
    affected < 11.0.0fixed 11.0.0

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbitrary files on the server by manipulating

  • CVE-2025-49137Jun 9, 2025
    affected < 11.0.0fixed 11.0.0

    HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input