Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-54128 HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. The contentSecurityPolicy value is explicitly disabled in the application's Helmet configuration in app.js. This is fixed in version 11.0.8. | CVSS3: 6.1 | 0% Low | 7 months ago |
| GHSA-59g8-h59f-8hjp NodeJS version of HAX CMS Has Disabled Content Security Policy That Enables Cross-Site Scripting | | 0% Low | 7 months ago |