Schlix CMS Cross-Site Scripting Vulnerability in Login Logs

Vulnerability

A stored cross-site scripting vulnerability has been identified in Schlix CMS versions prior to 2.2.9-5. The login form does not adequately sanitize JavaScript, so a malicious payload submitted through it is written to the login logs and executed in the admin panel. Exploitation requires the admin to open the login attempt logs page.
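
The pattern behind this class of bug, shown as an added illustration that is not Schlix code: one login-attempt log row rendered without and with output encoding. The row fields, function names and sample values are assumptions constructed for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored login attempts. The field
// names are assumptions for this example, not Schlix's schema.
$attempts = [
    ['time' => '2025-12-22 17:01:12', 'ip' => '203.0.113.7', 'username' => 'alice'],
    ['time' => '2025-12-22 17:02:40', 'ip' => '203.0.113.9',
     'username' => '<script>alert(document.domain)</script>'],
];

// Encode one value for an HTML text or quoted-attribute context.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the stored username is concatenated into markup as-is,
// so the browser parses it as HTML when the admin opens the log page.
function render_row_unsafe(array $row): string
{
    return "<tr><td>{$row['time']}</td><td>{$row['ip']}</td>"
         . "<td>{$row['username']}</td></tr>";
}

// Hardened pattern: every field is encoded at output time, whatever was
// accepted at login time, so stored markup is displayed as inert text.
function render_row_safe(array $row): string
{
    return '<tr><td>' . e($row['time']) . '</td><td>' . e($row['ip'])
         . '</td><td>' . e($row['username']) . '</td></tr>';
}

// Report whether user-supplied markup survived into the rendered row.
function has_live_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

foreach ($attempts as $row) {
    foreach (['unsafe' => render_row_unsafe($row), 'safe' => render_row_safe($row)] as $mode => $html) {
        printf("%-7s %-12s %s\n", $mode, has_live_script($html) ? 'LIVE MARKUP' : 'inert', $html);
    }
}
```

Encoding at output time protects the log view even for entries that were stored before any input-side filtering was in place.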

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the affected logs. This could lead to session hijacking, credential theft through stolen cookies or localStorage, phishing attacks, or unauthorized actions performed on behalf of the victim.

Remediation

Users are advised to upgrade to Schlix CMS version 2.2.9-5, which addresses this vulnerability.

Added: Dec 22, 2025, 5:30 PM
Updated: Dec 22, 2025, 5:30 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 1.7
exploitability: 7.9
remediation: 7.7
relevance: 1.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.