CVE-2026-48527 - Exploits & Severity
Source: Feedly
Published:
<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)</p> <p>HAX CMS contains a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user can bypass the HTML sanitizer by injecting an event handler attribu