CVE-2025-54128

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. The contentSecurityPolicy value is explicitly disabled in the application's Helmet configuration in app.js. This is fixed in version 11.0.8.

haxtheweb/issues
haxtheweb/issues
Issue queue for hax, haxcms, elmsln, lrnwebcomponents, wcfactory, websites and more.
GitHubGitHub
12
haxtheweb/haxcms-nodejs
haxtheweb/haxcms-nodejs
HAX + CMS to manage your microsite universe with NodeJS backend
GitHubGitHub
3