haxtheweb — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting haxtheweb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Haxtheweb primarily develops web applications and APIs for enterprise clients, with a core focus on custom business solutions. Historically, the organization has been associated with multiple remote code execution, cross-site scripting, and privilege escalation vulnerabilities across its products. Security assessments reveal consistent flaws in input validation and authentication mechanisms. While no major public breaches have been directly attributed to haxtheweb, its cumulative 16 CVEs indicate systemic security weaknesses in development practices. The organization's codebase frequently demonstrates inadequate sanitization of user inputs and misconfigured access controls, creating persistent exposure vectors for attackers.

Top products by haxtheweb: issues, HAXiam

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35185 | HAX CMS's public /server-status endpoint exposes authentication tokens, user activity, and client IP addresses | HAXiam | CWE-284 | 7.5 (AI) | High (AI) | 2026-04-06 |
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | issues | CWE-79 | 8.1 | High | 2026-01-10 |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | issues | CWE-285 | 8.3 | High | 2025-07-26 |
| CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | issues | CWE-1021 | 4.3 | Medium | 2025-07-22 |
| CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | issues | CWE-1392 | 7.3 | High | 2025-07-22 |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | issues | CWE-20 | 6.5 | - | 2025-07-21 |
| CVE-2025-54129 | HAXiam allows for User Enumeration | issues | CWE-204 | 4.3 | Medium | 2025-07-21 |
| CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | issues | CWE-79 | 6.1 | - | 2025-07-21 |
| CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | issues | CWE-1188 | 7.1 | - | 2025-07-21 |
| CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | issues | CWE-613 | 4.8 | Medium | 2025-07-11 |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | issues | CWE-78 | 8.6 | High | 2025-06-09 |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | issues | CWE-1021 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | issues | CWE-22 | 6.5 | Medium | 2025-06-09 |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | issues | CWE-79 | 8.5 | High | 2025-06-09 |
| CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | issues | CWE-201 | 5.3 | Medium | 2025-06-02 |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | issues | CWE-434 | 10.0 | Critical | 2025-04-08 |

This page lists every published CVE security advisory associated with haxtheweb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.