issues — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in issues, with AI-generated Chinese analysis, references, and POCs.

Vendor: wixtoolset

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover | CWE-79 | 8.1 | High | 2026-01-10 |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks | CWE-285 | 8.3 | High | 2025-07-26 |
| CVE-2025-54139 | HAX CMS' application pages are vulnerable to clickjacking | CWE-1021 | 4.3 | Medium | 2025-07-22 |
| CVE-2025-54137 | NodeJS version of the HAX CMS application is distributed with Default Secrets | CWE-1392 | 7.3 | High | 2025-07-22 |
| CVE-2025-54134 | HAX CMS NodeJs's Improper Error Handling Leads to Denial of Service | CWE-20 | 6.5 | - | 2025-07-21 |
| CVE-2025-54129 | HAXiam allows for User Enumeration | CWE-204 | 4.3 | Medium | 2025-07-21 |
| CVE-2025-54128 | HAX CMS NodeJs's Disabled Content Security Policy Enables Cross-Site Scripting | CWE-79 | 6.1 | - | 2025-07-21 |
| CVE-2025-54127 | HAXcms's Insecure Default Configuration Leads to Unauthenticated Access | CWE-1188 | 7.1 | - | 2025-07-21 |
| CVE-2025-53642 | haxcms-nodejs and haxcms-php Improperly Terminate Sessions | CWE-613 | 4.8 | Medium | 2025-07-11 |
| CVE-2025-49141 | HaxCMS-PHP Command Injection Vulnerability | CWE-78 | 8.6 | High | 2025-06-09 |
| CVE-2025-49139 | @haxtheweb/haxcms-nodejs Iframe Phishing vulnerability | CWE-1021 | 5.3 | Medium | 2025-06-09 |
| CVE-2025-49138 | HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter | CWE-22 | 6.5 | Medium | 2025-06-09 |
| CVE-2025-49137 | Hax CMS Stored Cross-Site Scripting vulnerability | CWE-79 | 8.5 | High | 2025-06-09 |
| CVE-2025-48996 | Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint | CWE-201 | 5.3 | Medium | 2025-06-02 |
| CVE-2025-32028 | HAX CMS PHP allows Insecure File Upload to Lead to Remote Code Execution | CWE-434 | 10.0 | Critical | 2025-04-08 |
| CVE-2024-29188 | Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files | CWE-59 | 7.8 | High | 2024-03-24 |
| CVE-2024-29187 | WiX based installers are vulnerable to binary hijack when run as SYSTEM | CWE-732 | 7.3 | High | 2024-03-24 |
| CVE-2024-24810 | WiX is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges | CWE-426 | 8.3 | High | 2024-02-07 |
