CVE ID : CVE-2025-54128
Published : July 21, 2025, 9:15 p.m. | 3 hours, 25 minutes ago
Description : HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.7 and below, the NodeJS version of HAX CMS has a disabled Content Security Policy (CSP). This configuration is insecure for a production application because it does not protect against cross-site-scripting attacks. The contentSecurityPolicy value is explicitly disabled in the application’s Helmet configuration in app.js. This is fixed in version 11.0.8.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
Source: Read More