CNNVD-202507-2819 Information

CNNVD ID

CNNVD-202507-2819

Related CVE

CVE-2025-54128

• CNNVD Published: 2025-07-21

Description (Chinese)

HAXcms with nodejs backend是HAX The Web开源的一个后端管理系统。 HAXcms with nodejs backend 11.0.7及之前版本存在跨站脚本漏洞，该漏洞源于禁用内容安全策略，可能导致跨站脚本攻击。

Description (English)

HAXcms with nodejs backend is a back-end management system for HAX The Web Open Source. HAXcms with nodejs backend 11.0.7 and earlier versions had a cross-site script loophole, which stemmed from a prohibited content security strategy and could lead to cross-site script attacks.

Hazard Level

Medium

Vulnerability Type

跨站脚本

Affected Vendor

HAX The Web

Published

2025-07-21

Last Modified

2026-02-24

References

https://github.com/haxtheweb/haxcms-nodejs/commit/ddb9351c6d6418008d4084a5b17fd6d611bc4e30 https://github.com/haxtheweb/issues/security/advisories/GHSA-59g8-h59f-8hjp

Patch

https://github.com/haxtheweb/issues