Описание
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. The contentSecurityPolicy value is explicitly disabled in the application's Helmet configuration in app.js. This is fixed in version 11.0.8.
Уязвимые конфигурации
Конфигурация 1Версия до 11.0.8 (исключая)
cpe:2.3:a:psu:haxcms-nodejs:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 6%
0.00024
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
github
7 месяцев назад
NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting
EPSS
Процентиль: 6%
0.00024
Низкий
6.1 Medium
CVSS3
Дефекты
CWE-79