[HIGH] HAX CMS API Lacks Authorization Checks

PKSA-4nk3-12nx-g3f7 CVE-2025-54378 GHSA-9jr9-8ff3-m894

Affected version: <11.0.14

Reported by:
GitHub

[MEDIUM] HAX CMS application pages vulnerable to clickjacking

PKSA-c643-15gb-71h6 CVE-2025-54139 GHSA-54vw-f4xf-f92j

Affected version: <11.0.8

Reported by:
GitHub

[MEDIUM] HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter

PKSA-55mh-q49p-tqr3 CVE-2025-49138 GHSA-hxrr-x32w-cg8g

Affected version: <11.0.0

Reported by:
GitHub

[HIGH] Hax CMS Stored Cross-Site Scripting vulnerability

PKSA-5myq-vgd8-dphs CVE-2025-49137 GHSA-2vc4-3hx7-v7v7

Affected version: <11.0.0

Reported by:
GitHub