Vulnerability Database

318,638

Total vulnerabilities in the database

CVE-2026-22704

HAX CMS helps manage microsite universe with PHP or NodeJs backends. In versions 11.0.6 to before 25.0.0, HAX CMS is vulnerable to stored XSS, which could lead to account takeover. This issue has been patched in version 25.0.0.

Published: Jan 10, 2026
Updated: Jan 11, 2026
CVE: CVE-2026-22704
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8
AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/haxtheweb/haxcms-nodejs/commit/317a8ae29f88be389f7cfeffaef416957122d97e
https://github.com/haxtheweb/haxcms-nodejs/releases/tag/v25.0.0
https://github.com/haxtheweb/issues/security/advisories/GHSA-3fm2-xfq7-7778

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo