CVE-2025-54139: HAX CMS application pages vulnerable to clickjacking
No page within the HAX CMS application includes headers that stop other websites from loading the site within an iframe. This applies to both the CMS and generated sites.
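A check for the missing controls described above, as an added example that is not HAX CMS code or the project's fix: it audits one response's headers for `X-Frame-Options` and the CSP `frame-ancestors` directive. The function names and the sample responses are assumptions constructed for illustration.

```javascript
// Added example, not HAX CMS code. Audits one response's headers for
// anti-framing controls (X-Frame-Options, CSP frame-ancestors).

// Collect the source list of every enforced frame-ancestors directive.
function frameAncestorLists(cspValue) {
  const lists = [];
  // Multiple policies may arrive comma-joined; each is ';'-separated directives.
  for (const policy of String(cspValue || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === 'frame-ancestors') lists.push(sources);
    }
  }
  return lists;
}

function auditFraming(headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const findings = [];
  const lists = frameAncestorLists(h['content-security-policy']);
  // All policies apply together, so one restrictive list is enough.
  const cspOk = lists.some((sources) => !sources.includes('*'));
  if (lists.length && !cspOk) findings.push('frame-ancestors permits any origin');

  const xfo = (h['x-frame-options'] || '')
    .split(',').map((t) => t.trim().toUpperCase()).filter(Boolean);
  const xfoOk = xfo.includes('DENY') || xfo.includes('SAMEORIGIN');
  if (xfo.some((t) => t.startsWith('ALLOW-FROM'))) {
    findings.push('ALLOW-FROM is obsolete and ignored by current browsers');
  }

  // An enforced frame-ancestors directive makes browsers ignore X-Frame-Options.
  const isProtected = lists.length ? cspOk : xfoOk;
  if (!isProtected && !findings.length) findings.push('no anti-framing header present');
  return { protected: isProtected, findings };
}

// Constructed sample responses (not captured from a HAX CMS instance).
const SAMPLES = {
  bare: { 'Content-Type': 'text/html' },
  xfo: { 'X-Frame-Options': 'SAMEORIGIN' },
  csp: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  overridden: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' },
};
for (const [name, hdrs] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(auditFraming(hdrs)));
}
```

Run it against the headers of both a CMS page and a generated site page, since the advisory covers both.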
References
- github.com/advisories/GHSA-54vw-f4xf-f92j
- github.com/haxtheweb/haxcms-nodejs/commit/777f9a7ff9675a160496f350d766df1f1f9b9b99
- github.com/haxtheweb/haxcms-php/commit/708dc8518928fe307044e67bff8b0f397cfdd606
- github.com/haxtheweb/issues
- github.com/haxtheweb/issues/security/advisories/GHSA-54vw-f4xf-f92j
- nvd.nist.gov/vuln/detail/CVE-2025-54139