Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting
Vulnerability Description
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. The contentSecurityPolicy value is explicitly disabled in the application's Helmet configuration in app.js. This is fixed in version 11.0.8.
CVSS Information
N/A
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
HAXcms with nodejs backend 跨站脚本漏洞
Vulnerability Description
HAXcms with nodejs backend是HAX The Web开源的一个后端管理系统。 HAXcms with nodejs backend 11.0.7及之前版本存在跨站脚本漏洞,该漏洞源于禁用内容安全策略,可能导致跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A