CVE-2025-54134: CWE-20: Improper Input Validation in haxtheweb issues
Description
HAX CMS NodeJs allows users to manage their microsite universe with a NodeJs backend. In versions 11.0.8 and below, the HAX CMS NodeJS application crashes when an authenticated attacker provides an API request lacking required URL parameters. This vulnerability affects the listFiles and saveFiles endpoints. This vulnerability exists because the application does not properly handle exceptions which occur as a result of changes to user-modifiable URL parameters. This is fixed in version 11.0.9.
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2025-07-16T23:53:40.510Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 687eaa92a83201eaac1449a5
Added to database: 7/21/2025, 9:01:06 PM
Last updated: 7/21/2025, 9:01:06 PM
Related Threats
- CVE-2025-54128: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in haxtheweb issues (High)
- CVE-2025-54129: CWE-204: Observable Response Discrepancy in haxtheweb issues (Medium)
- CVE-2025-7939: Unrestricted Upload in jerryshensjf JPACookieShop 蛋糕商城JPA版 (Medium)
- CVE-2025-54122: CWE-918: Server-Side Request Forgery (SSRF) in Manager-io Manager (Critical)
- CVE-2025-54127: CWE-1188: Insecure Default Initialization of Resource in haxtheweb issues (Critical)