Vulnerability Information
Vulnerability Title
HAX CMS PHP Has a Stored XSS via Case-Sensitivity Mismatch in HTML Upload Validation
Vulnerability Description
HAX CMS helps manage a microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML files is case-sensitive. An HTML file uploaded with an uppercase extension (`.HTML`, `.Html`, `.HTM`) is still served as `text/html`, but the forced-download header never applies, so the browser renders it inline and executes any embedded JavaScript in the HAXcms origin. This bypasses the mitigation shipped for CVE-2026-22704. Version 26.0.0 contains a fix.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
Improper handling of case sensitivity
Vulnerability Title
HAX security vulnerability
Vulnerability Description
HAX is an open-source microsite management system from HAX The Web, in which HAX+CMS is run with a PHP backend. Versions of HAX prior to 26.0.0 contain a security vulnerability that arises because the saveFile endpoint validates upload extensions case-insensitively while the .htaccess rule is case-sensitive, which may allow an HTML file uploaded with an uppercase extension to bypass the forced-download header and be rendered inline in the browser, executing JavaScript.
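The mismatch described in both vulnerability descriptions above, modelled as an added example (not HAXcms's own code): a case-insensitive upload check beside a case-sensitive forced-download rule, a fix that normalizes the stored extension, and an audit helper for files already on disk. The allowed-extension set and the `\.html?$` pattern are assumptions for illustration, not the project's actual configuration.

```python
import re

# Constructed allow-list; the real saveFile list is not on the page.
# The check is case-insensitive, as the advisory describes.
ALLOWED_EXTENSIONS = {"html", "htm", "png", "jpg", "pdf"}

# Emulates a case-sensitive Apache <FilesMatch> rule that adds
# Content-Disposition: attachment (pattern assumed for illustration).
FORCE_DOWNLOAD_RE = re.compile(r"\.html?$")

# Hardened counterpart: the same rule matched case-insensitively,
# equivalent to an (?i) prefix in the .htaccess pattern.
FORCE_DOWNLOAD_RE_FIXED = re.compile(r"\.html?$", re.IGNORECASE)


def _ext(filename: str) -> str:
    """Lower-cased extension, or '' when the name has no dot."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def upload_allowed(filename: str) -> bool:
    """Case-insensitive extension check, mirroring the saveFile validation."""
    return _ext(filename) in ALLOWED_EXTENSIONS


def forced_download(filename: str, rule: re.Pattern = FORCE_DOWNLOAD_RE) -> bool:
    """Whether the .htaccess rule would attach the download header to this name."""
    return rule.search(filename) is not None


def renders_inline(filename: str, rule: re.Pattern = FORCE_DOWNLOAD_RE) -> bool:
    """True when an HTML upload is accepted but would be served without the header."""
    return (upload_allowed(filename)
            and _ext(filename) in {"html", "htm"}
            and not forced_download(filename, rule))


def normalize_stored_name(filename: str) -> str:
    """Server-side fix option: lower-case the extension before writing to disk,
    so the stored name always matches even a case-sensitive rule."""
    if "." not in filename:
        return filename
    stem, ext = filename.rsplit(".", 1)
    return f"{stem}.{ext.lower()}"


def audit_uploads(stored_names: list[str]) -> list[str]:
    """Defender check: stored files that the case-sensitive rule would miss."""
    return [name for name in stored_names if renders_inline(name)]
```

Running `audit_uploads` over a listing of the upload directory flags files to rename or quarantine; switching the served rule to the case-insensitive pattern closes the gap for names already on disk.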
CVSS Information
N/A
Vulnerability Type
N/A