
issues — Vulnerabilities & Security Advisories 19

All 19 CVE vulnerabilities found in issues, with AI-generated Chinese analysis, references, and POCs.

This page provides access to the vulnerability aggregation data for the Product: issues category, encompassing various vendor releases, specific product weaknesses, and associated security tags. The database collects historical vulnerability records spanning from 2010 to the present, ensuring a comprehensive view of long-term security trends and immediate threats. By utilizing this resource, users can effectively track vendor advisories as they are published, gain a deeper understanding of specific weakness classes and their evolution over time, and look up a product's complete vulnerability history to assess past risks. The aggregated data includes detailed metadata such as affected software versions, discovery dates, and remediation status, allowing security professionals to conduct thorough risk assessments and compliance checks without needing to visit multiple disparate sources. This centralized approach simplifies the process of identifying patterns in how certain vendors address security flaws and helps organizations prioritize patching efforts based on severity and exposure. The information is structured to facilitate easy searching and filtering, enabling analysts to isolate specific time periods or product lines for focused investigation. This resource serves as a foundational tool for maintaining software integrity and reducing the attack surface associated with known defects in the Product: issues ecosystem.

Vendor: wixtoolset

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-46401 | HAX CMS PHP has Insufficient Session Expiration | CWE-613 | - | - | 2026-06-05 |
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | CWE-79 | 8.1 | High | 2026-01-10 |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | CWE-285 | 8.3 | High | 2025-07-26 |
| CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | CWE-1021 | 4.3 | Medium | 2025-07-22 |
| CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | CWE-1392 | 7.3 | High | 2025-07-22 |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | CWE-20 | 6.5 | - | 2025-07-21 |
| CVE-2025-54129 | HAXiam allows for User Enumeration | CWE-204 | 4.3 | Medium | 2025-07-21 |
| CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | CWE-79 | 6.1 | - | 2025-07-21 |
| CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | CWE-1188 | 7.1 | - | 2025-07-21 |
| CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | CWE-613 | 4.8 | Medium | 2025-07-11 |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | CWE-78 | 8.6 | High | 2025-06-09 |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | CWE-1021 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | CWE-22 | 6.5 | Medium | 2025-06-09 |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | CWE-79 | 8.5 | High | 2025-06-09 |
| CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | CWE-201 | 5.3 | Medium | 2025-06-02 |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | CWE-434 | 10.0 | Critical | 2025-04-08 |
| CVE-2024-29188 | Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files | CWE-59 | 7.8 | High | 2024-03-24 |
| CVE-2024-29187 | WiX based installers are vulnerable to binary hijack when run as SYSTEM | CWE-732 | 7.3 | High | 2024-03-24 |
| CVE-2024-24810 | WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges | CWE-426 | 8.3 | High | 2024-02-07 |

All 19 known CVE vulnerabilities affecting issues with full Chinese analysis, references, and POCs where available.