Vulnerabilities in haxtheweb
33 resultsCVE-2026-46511HIGHHAXcms: Mass Token Exfiltration and Cross-Tenant HijackEPSS 0.3%CVE-2026-46390MEDIUMHAX CMS has Unauthenticated Git Access via User-Controlled KeyEPSS 0.3%CVE-2025-54129MEDIUMHAXiam allows for User EnumerationEPSS 0.3%CVE-2026-46357MEDIUMHAX CMS NodeJS application Vulnerable to Denial of Service using Malicious Import RequestEPSS 0.2%CVE-2026-46393HIGHHAXcms createSite SSRF Enables Arbitrary File ReadEPSS 0.2%CVE-2026-46396CRITICALHAX CMS has a stored XSS via <iframe> that allows access to sensitive client-side data and account takeoverEPSS 0.2%CVE-2026-46496CRITICALHAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theftEPSS 0.2%CVE-2026-48527HIGHHaxCMS has a stored Cross-Site Scripting (XSS) bypass in saveNode endpointEPSS 0.2%CVE-2025-49137HIGHHax CMS Stored Cross-Site Scripting vulnerabilityEPSS 0.2%CVE-2026-46392HIGHHAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload ValidationEPSS 0.2%CVE-2025-54128HIGHHAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site ScriptingEPSS 0.2%CVE-2026-46398HIGHHAX CMS Missing Secure Flag on CookieEPSS 0.2%CVE-2025-53642MEDIUMhaxcms-nodejs and haxcms-php Improperly Terminate SessionsEPSS 0.2%