
CVE-2025-53642


Date: July 11, 2025
haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6.
Severity Score
Weakness Type (CWE)
Insufficient Session Expiration
CWE-613

Top Fix

Upgrade Version
Upgrade to version @haxtheweb/haxcms-nodejs - 11.0.6; https://github.com/haxtheweb/haxcms-php.git - v11.0.6; https://github.com/haxtheweb/haxcms-nodejs.git - v11.0.6
CVSS v3.1
| Base Score: | |
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | LOW |
| Integrity (I): | LOW |
| Availability (A): | NONE |