CVE-2025-54128 | haxtheweb haxcms up to 11.0.7 Content Security Policy app.js contentSecurityPolicy cross site scripting

Inserito da Angelo Barbosa | Lug 21, 2025 | CVE

A vulnerability, which was classified as problematic, was found in haxtheweb haxcms up to 11.0.7. Affected is an unknown function of the file app.js of the component Content Security Policy Handler. The manipulation of the argument contentSecurityPolicy leads to cross site scripting.

This vulnerability is traded as CVE-2025-54128. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2025-54128 | haxtheweb haxcms up to 11.0.7 Content Security Policy app.js contentSecurityPolicy cross site scripting

Post correlati

CVE-2024-13270 | Drupal Freelinking up to 3.x authorization

CVE-2014-125109 | BestWebSoft Portfolio Plugin up to 2.27 bws_menu/bws_menu.php bws_add_menu_render bwsmn_form_email cross site scripting

CVE-2025-2790 | G Data Total Security 25.4.0.3/25.5.13.26 GDTunerSvc link following

CVE-2024-4668 | Gum Elementor Addon Plugin up to 1.3.4 on WordPress Price Table/Post Slider Widget cross site scripting