elmsln/haxcms

Packagist2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting elmsln/haxcmspage 1 of 1

CVE-2025-49137HIGHCVSS 8.5EG 8.5✓ Fixed in 11.0.0
2025-06-09
vulnerable: 0.0.1 ... 0.9.0 (17 versions)
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and…
CVE-2025-49138MEDIUMCVSS 6.5EG 6.5✓ Fixed in 11.0.0
2025-06-09
vulnerable: 0.0.1 ... 0.9.0 (17 versions)
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, an authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low-privileged user to read arbi…

Check whether elmsln/haxcms is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for elmsln/haxcms CVEs against the assets you own.

Start Free Scan →