CVE-2025-67443
Cross-Site Scripting in Schlix CMS Login Form Logs
Publication date: 2025-12-22
Last updated on: 2025-12-22
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schlix | cms | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67443 is a Stored Cross-Site Scripting (XSS) vulnerability in Schlix CMS versions before v2.2.9-5. It occurs because the login form does not sanitize the attacker-controlled value that is written to the incorrect-login-attempt log. When an attacker crafts a malicious payload embedded in a URL and tricks an administrator into clicking it, the payload is stored and later executed in the admin panel when the login logs are viewed. This allows the attacker to execute arbitrary JavaScript in the context of the admin's browser. [1]
How can this vulnerability impact me?
This vulnerability can lead to session hijacking, credential disclosure through stolen cookies or localStorage, phishing attacks, or forced actions performed with the administrator's privileges. The impact depends on the context and the privileges of the affected administrator, potentially allowing attackers to compromise the admin account and the CMS environment. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your Schlix CMS version is prior to v2.2.9-5 and by inspecting the login attempt logs in the admin panel for any suspicious or malicious JavaScript payloads embedded in the login form inputs, especially in the 'name' path segment. Since the vulnerability involves stored XSS triggered by incorrect login attempts, you can simulate incorrect login attempts with payloads in the username or URL path (e.g., /author/<payload>) and then review the admin panel logs to see if the payload executes. There are no specific commands provided, but monitoring HTTP requests for suspicious payloads and reviewing admin panel logs for script execution is recommended. [1]
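The two answers above describe the same defect from two sides: a value copied from the request into a stored login-attempt log, and an admin page that later renders it without encoding. The following Python is an added illustration, not code from Schlix CMS or from the page's sources; it assumes a simplified in-memory log of failed attempts (constructed sample data) and shows the vulnerable render-time pattern beside the hardened one, plus a small review helper of the kind the detection answer describes for spotting already-stored entries that contain markup.

```python
import html
import re
from dataclasses import dataclass


@dataclass
class LoginAttempt:
    """One row of a hypothetical login-attempt log (not the CMS's real schema)."""
    username: str      # taken verbatim from the request, so attacker-controlled
    remote_addr: str
    success: bool


# Constructed sample entries, standing in for rows of a CMS login log.
SAMPLE_ATTEMPTS = [
    LoginAttempt("alice", "192.0.2.10", True),
    LoginAttempt("o'neil", "192.0.2.11", False),            # legitimate quote
    LoginAttempt('<img src=x onerror="alert(1)">', "192.0.2.12", False),
    LoginAttempt("admin", "198.51.100.7", False),
]


def render_row_unsafe(attempt: LoginAttempt) -> str:
    """Vulnerable pattern: the stored value is interpolated into HTML as-is,
    so any markup in the username becomes part of the admin page (CWE-79)."""
    return (f"<tr><td>{attempt.username}</td>"
            f"<td>{attempt.remote_addr}</td></tr>")


def render_row_safe(attempt: LoginAttempt) -> str:
    """Hardened pattern: encode at the output boundary. html.escape with
    quote=True neutralises < > & and both quote characters, so the stored
    text is displayed literally instead of being parsed as markup."""
    return (f"<tr><td>{html.escape(attempt.username, quote=True)}</td>"
            f"<td>{html.escape(attempt.remote_addr, quote=True)}</td></tr>")


# Markers that should never appear in a real username: an HTML tag opener,
# an inline event-handler attribute, or a javascript: URL scheme.
SUSPECT = re.compile(r"<\s*/?[a-z]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def flag_suspicious(attempts: list[LoginAttempt]) -> list[LoginAttempt]:
    """Review helper for an existing log: return entries whose username
    looks like markup rather than a name, for manual inspection."""
    return [a for a in attempts if SUSPECT.search(a.username)]


if __name__ == "__main__":
    for a in SAMPLE_ATTEMPTS:
        print("unsafe:", render_row_unsafe(a))
        print("safe:  ", render_row_safe(a))
    print("flagged:", [a.remote_addr for a in flag_suspicious(SAMPLE_ATTEMPTS)])
```

The point of escaping at render time rather than at log-write time is that the log keeps the exact string the client sent, which is what an investigator wants to see, while the admin page can never interpret it as HTML; the review helper is only a triage aid for logs written before a fix was applied and will not catch every encoding trick.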
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to upgrade Schlix CMS to version 2.2.9-5 or later, where the vendor has applied proper sanitization to the login form logging mechanism and removed the vulnerable History tab for new users. This patch fixes the XSS vulnerability. Additionally, avoid clicking on suspicious URLs that may contain malicious payloads and restrict admin access to the login attempt logs page until the update is applied. [1, 2]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided resources do not specify how this XSS vulnerability in Schlix CMS affects compliance with common standards and regulations such as GDPR or HIPAA.