Known vulnerabilities in the @haxtheweb/haxcms-nodejs package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
@haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Improper Authorization in the API endpoints, which do not verify user permissions before performing operations. An attacker can gain unauthorized access to resources or perform actions beyond their intended privileges by sending crafted requests to the affected endpoints. How to fix Improper Authorization? Upgrade | <11.0.14 |
@haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Use of Default Credentials via the Note: This is exploitable if the instance is deployed without changing the default credentials or secrets. How to fix Use of Default Credentials? Upgrade | <11.0.10 |
@haxtheweb/haxcms-nodejs is a HAXcms nodejs backend. Affected versions of this package are vulnerable to Improper Restriction of Rendered UI Layers or Frames via the lack of appropriate headers to prevent loading within an iframe. An attacker can trick users into performing unintended actions by embedding sensitive pages such as the standalone login page or other critical functionality within an iframe on a malicious site. How to fix Improper Restriction of Rendered UI Layers or Frames? Upgrade | <11.0.13 |