HAXcms Improper Session Termination Vulnerability in Logout Function

Vulnerability

A vulnerability exists in the HAXcms backends for Node.js and PHP, affecting versions through 10.0.6 of the Node.js backend and through 9.0.0 of the PHP backend. The logout function neither terminates the user's server-side session nor clears the session cookies, and on top of that it issues a new refresh token as part of the logout response. A session therefore remains usable after the user believes they have signed out: on a shared device, the next person at the same browser can resume the account, and a cookie or refresh token captured by an attacker keeps working even after the victim logs out, which enlarges the window for cookie-theft attacks.

Impact

Because sessions are not terminated on logout, an account can be resumed by whoever next uses a shared device, and session cookies or refresh tokens that an attacker has already captured remain valid even after the legitimate user signs out.

Remediation

Upgrade to HAXcms version 11.0.6, which addresses this vulnerability. Until the upgrade is applied, users on shared devices should also clear their browser cookies after logging out, since the logout function itself does not do so.

Added: Jul 11, 2025, 6:25 PM
Updated: Jul 11, 2025, 6:25 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 7.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.