haxtheweb

1 exploit Active since Jun 2026
CVE-2026-46493 WRITEUP HIGH WRITEUP
haxtheweb/haxcms-php uses insecure method for generating salt
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
CVSS 7.5