Haxcms Nodejs
Stored cross-site scripting (XSS) in HAX CMS versions 11.0.6 through 24.x allows authenticated attackers to inject malicious scripts that execute in other users' browsers, potentially leading to account takeover. Public exploit code exists for this vulnerability affecting both PHP and Node.js deployments. Users should upgrade to version 25.0.0 or later to remediate the issue.
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.
HAX CMS PHP versions prior to 11.0.3 contain an OS command injection vulnerability in the `gitImportSite` functionality where insufficient input validation on user-supplied URL parameters allows authenticated attackers to bypass `filter_var` and `strpos` checks and execute arbitrary OS commands via the `set_remote` function's `proc_open` call. An authenticated attacker can leverage this to execute arbitrary commands and exfiltrate output, representing a critical post-authentication code execution risk with high real-world impact due to full OS command execution capability.
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, in the HAX site editor, users can create a website block to load another site in an iframe. The application allows users to supply a target URL in the website block. When the HAX site is visited, the client's browser will query the supplied URL. An authenticated attacker can create a HAX site with a website block pointing at an attacker-controlled server running Responder or a similar tool. The attacker can then conduct a phishing attack by convincing another user to visit their malicious HAX site to harvest credentials. Version 11.0.0 contains a patch for the issue.
HAX CMS PHP versions prior to 11.0.0 contain a stored cross-site scripting (XSS) vulnerability in the 'saveNode' and 'saveManifest' endpoints, which fail to properly sanitize user input before storing it in the site's JSON schema. An authenticated attacker with low privileges can inject arbitrary JavaScript code through HTML tags (excluding direct `<script>` tags) that will execute in the context of generated HAX sites, potentially compromising site integrity and user data. The vulnerability has a high CVSS score of 8.5 due to network accessibility, low attack complexity, and cross-site impact, though real-world exploitation requires authenticated access and user interaction with the generated content.