[MEDIUM] HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter

PKSA-55mh-q49p-tqr3 CVE-2025-49138 GHSA-hxrr-x32w-cg8g

Affected version: <11.0.0

Reported by:
GitHub

[HIGH] Hax CMS Stored Cross-Site Scripting vulnerability

PKSA-5myq-vgd8-dphs CVE-2025-49137 GHSA-2vc4-3hx7-v7v7

Affected version: <11.0.0

Reported by:
GitHub