OsVault/npm/@haxtheweb/haxcms-nodejs
npm

@haxtheweb/haxcms-nodejs

10 known vulnerabilities · 0 critical · 0 high

GHSA-6c8g-9hfh-pq5h

HAXcms: Private Key Disclosure via Broken HMAC Implementation

Published May 19, 2026
GHSA-9r33-xhw8-4qqp

HAX CMS: Denial of Service using Malicious Import Request

Published May 19, 2026
GHSA-jh3h-rpxg-fr36

Stored XSS via <iframe> in HAX CMS allows access to sensitive client-side data and account takeover

Published May 19, 2026
CVE-2025-54378

HAX CMS API Lacks Authorization Checks

Published Jul 25, 2025
CVE-2025-54139

HAX CMS application pages vulnerable to clickjacking

Published Jul 21, 2025
GHSA-q862-gcgq-5m6g

HAXcms createSite SSRF Enables Arbitrary File Read

Published May 19, 2026
GHSA-x3x5-7h4h-gwxg

HAXcms: Mass Token Exfiltration and Cross-Tenant Hijack

Published May 19, 2026
CVE-2026-22704

HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover

Published Jan 13, 2026
GHSA-2m6p-hm3w-6jm3

HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft

Published May 19, 2026
GHSA-g2g8-95qg-v35h

HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint

Published May 29, 2026
Check your entire dependency tree at onceRun dependency scan →