CVE-2026-48527 - Vulnerability Details
Type: CVE
Frequency: Mentioned 2 times
Threat intelligence on CVE-2026-48527. Found in 1 threat clusters across 2 articles.
Related Threat Clusters
- High-Severity Stored XSS Vulnerability in HAX CMS (CVE-2026-48527) (Threat Score: 74.0)
Recent Articles
- CVE-2026-48527 AKAOMA CVE VULNERABILITIES / 6h HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions up to and including 26.0.0 are affected by a stored cross-site scripting (XSS) vulnerability in the `/system/api/saveNode` endpoint. An authenticated user with a permission to edit pages can bypass the HTML sanitizer by injecting an event handler attribute without whitespace before the attribute name. @haxtheweb/haxcms-nodejs 26.0.1 and haxcms-php 26.0.2 patch the issue. - cve.akaoma.com
- CVE-2026-48527 - Exploits & Severity - Feedly