HAX CMS · CVE-2026-35185
Name of the Vulnerable Software and Affected Versions
HAX CMS versions prior to 25.0.0
Description
HAX CMS, which manages microsite universes with PHP or Node.js backends, exposes the `/server-status` endpoint publicly in versions prior to 25.0.0. Unauthenticated users can read sensitive information from it, including authentication tokens (`user token`), user activity, client IP addresses, and server configuration details. This lets them monitor real-time user interactions and gather internal infrastructure information.
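An added example, not part of the advisory or of HAX CMS: a log review that lists successful `/server-status` reads from clients outside a trusted range. It assumes the web server writes Combined Log Format access logs and that only loopback should read the endpoint; the function names, the trusted list, and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed format: Combined Log Format access log lines.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: only loopback is expected to read the status endpoint.
TRUSTED = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '127.0.0.1 - - [01/Jan/2026:10:00:00 +0000] "GET /server-status HTTP/1.1" 200 812 "-" "monitor"',
    '203.0.113.7 - - [01/Jan/2026:10:02:11 +0000] "GET /server-status HTTP/1.1" 200 14211 "-" "curl/8.0"',
    '198.51.100.23 - - [01/Jan/2026:10:03:40 +0000] "GET /server-status?x=1 HTTP/1.1" 200 14302 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jan/2026:10:04:02 +0000] "GET /server-status HTTP/1.1" 403 199 "-" "curl/8.0"',
    '203.0.113.7 - - [01/Jan/2026:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

def is_trusted(client, trusted=TRUSTED):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # logged hostname: cannot be verified, so treat as untrusted
    return any(addr in net for net in trusted)

def external_status_reads(lines, trusted=TRUSTED):
    """Return (time, client, target) for 2xx /server-status reads by untrusted clients."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        # Ignore the query string and a trailing slash when comparing the path.
        if urlsplit(m["target"]).path.rstrip("/") != "/server-status":
            continue
        if not m["status"].startswith("2"):
            continue  # 401/403/404: the page content was not served
        if not is_trusted(m["client"], trusted):
            hits.append((m["time"], m["client"], m["target"]))
    return hits

if __name__ == "__main__":
    for when, client, target in external_status_reads(SAMPLE_LOG):
        print(f"{when}  {client}  {target}")
```
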
Recommendations
Update to version 25.0.0 or later.