Package impact
npm / @haxtheweb/haxcms-nodejs
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-48527 | high | 8.7 | 8.7 | 20h ago | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode… | |||
| CVE-2026-46511 | high | — | 8.0 | 11d ago | HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack | |||
| CVE-2026-46396 | high | — | 8.0 | 11d ago | Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover | |||
| CVE-2026-46393 | high | — | 8.0 | 11d ago | HAXcms createSite SSRF Enables Arbitrary File Read |