CVE-2026-48527 | haxtheweb haxcms-nodejs/haxcms-php up to 26.0.0 Attribute Name /system/api/saveNode cross site scripting

Inserito da Angelo Barbosa | Mag 29, 2026 | CVE

A vulnerability was found in haxtheweb haxcms-nodejs and haxcms-php up to 26.0.0 and classified as problematic. This affects an unknown function of the file /system/api/saveNode of the component Attribute Name Handler. Executing a manipulation can lead to cross site scripting.

This vulnerability is registered as CVE-2026-48527. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-48527 | haxtheweb haxcms-nodejs/haxcms-php up to 26.0.0 Attribute Name /system/api/saveNode cross site scripting

Post correlati

CVE-2024-47303 | Livemesh Addons for Elementor Plugin up to 8.5 on WordPress cross site scripting

CVE-2021-47205 | Linux Kernel up to 5.15.4 sunxi-ng ccu_reset initialization (b5dd513daa70/9bec2b9c6134)

CVE-2024-0737 | Xlightftpd Xlight FTP Server 1.1 Login user denial of service (ID 176553)

CVE-2024-3230 | Download Attachments Plugin up to 1.3 on WordPress cross site scripting