CVE-2025-67443
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://www.schlix.com/news/release/december-2025-errata-5-bug-fix-release.html#:~:text=Fixed%20XSS%20vulnerability%20bug%20when%20clicking%20New%20User%20%28thank%20you%20to%20Ak%C4%B1ner%20K%C4%B1sa%20who%20reported%20this%20security%20bug%20and%20provided%20reasonable%20time%20to%20fix%29
- https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.