CVE-2026-46511 | haxtheweb haxcms-nodejs/haxcms-php up to 25.x Setting connectionSettings cross site scripting (GHSA-x3x5-7h4h-gwxg)

A vulnerability was found in haxtheweb haxcms-nodejs and haxcms-php up to 25.x. It has been classified as problematic. Impacted is an unknown function of the file /system/api/connectionSettings of the component Setting Handler. This manipulation causes cross site scripting.

The identification of this vulnerability is CVE-2026-46511. It is possible to initiate the attack remotely. There is no exploit available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More