EUVD-2026-33286 EUVD - European Vulnerability Database / 6h EUVD Id : EUVD-2026-33286 Published : 2026-05-29 Updated 2026-05-29 Associated IDs : GHSA-g2g8-95qg-v35h, CVE-2026-48527 CVSS Base Score : 8.7 CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N Description HaxCMS has a stored Cross-Site Scripting (XSS) bypass in its saveNode endpoint Affected Vendors haxtheweb Affected products and versions Product: haxcms-nodejs - Version: Product: haxcms-php - Version: