HaxCMS Stored XSS Bypass via Event Handler Injection in saveNode

github.com 2026-05-29查看中文 →

Security AdvisoryHighhaxtheweb

Affected:

@haxtheweb/haxcms-nodejs <=26.0.0
haxcms-php <=26.0.0

Fixed in:

@haxtheweb/haxcms-nodejs 26.0.1
haxcms-php 26.0.2

Referenced CVEs: CVE-2026-48527 · 8.7

文章内图片已隐藏以节省流量 · Upgrade to Pro to view images & offline archive

This content was auto-fetched from github.com, cleaned by our LLM pipeline, and translated to English. View original.

More from this source

Supabase Capgo Org-scoped API Key Cross-Tenant RLS Bypass Leading to Secret Leakage 2026-06-20 Supabase Unauthenticated RPC Billing Log Tampering (Integrity/Billing Abuse) 2026-06-20 Critical OTP Bypass and Account Takeover Vulnerability 2026-06-20 CapGo Organization Admin Lockout via Auth Logic Flaw in Password Policy 2026-06-20 Cappo Critical Auth Logic Flaw: 2FA Misconfiguration Leads to Account Lockout 2026-06-20

Offline Archive

Offline screenshot & PDF are Pro-exclusive