CVE-2025-67443
MEDIUM
Schlix CMS < 2.2.9-5 - Stored Cross-Site Scripting via Login Form
Title source: llm
Description
Schlix CMS before v2.2.9-5 is vulnerable to Cross-Site Scripting (XSS). Because the login form does not sanitize JavaScript, incorrect login attempts recorded in the logs are triggered as XSS in the admin panel.
References (2)
Core References
Third Party Advisory
https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2
Scores
CVSS v3: 6.1
EPSS: 0.0016
EPSS Percentile: 5.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (1)
schlix/cms < 2.2.9-5
Published: Dec 22, 2025
Tracked Since: Feb 18, 2026