{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T08:38:39.064","vulnerabilities":[{"cve":{"id":"CVE-2025-53642","sourceIdentifier":"security-advisories@github.com","published":"2025-07-11T18:15:35.123","lastModified":"2025-08-22T16:52:08.603","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"haxcms-nodejs and haxcms-php are backends for HAXcms. The logout function within the application does not terminate a user's session or clear their cookies. Additionally, the application issues a refresh token when logging out. This vulnerability is fixed in 11.0.6."},{"lang":"es","value":"haxcms-nodejs y haxcms-php son backends para HAXcms. La función de cierre de sesión de la aplicación no cierra la sesión del usuario ni borra sus cookies. Además, la aplicación emite un token de actualización al cerrar sesión. Esta vulnerabilidad se corrigió en la versión 11.0.6."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:H\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-613"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:psu:haxcms-nodejs:*:*:*:*:*:node.js:*:*","versionEndExcluding":"11.0.6","matchCriteriaId":"C760A93C-A6C5-457F-9913-4CFFBC00E20E"},{"vulnerable":true,"criteria":"cpe:2.3:a:psu:haxcms-php:*:*:*:*:*:*:*:*","versionEndExcluding":"11.0.6","matchCriteriaId":"17EB8163-34F7-4A85-BC57-B0050F8A2AA6"}]}]}],"references":[{"url":"https:\/\/github.com\/haxtheweb\/issues\/security\/advisories\/GHSA-g4f5-5w5j-p5jg","source":"security-advisories@github.com","tags":["Issue Tracking","Third Party Advisory"]}]}}]}