CVE-2025-67443
Unknown Unknown - Not Provided
Cross-Site Scripting in Schlix CMS Login Form Logs

Publication date: 2025-12-22

Last updated on: 2025-12-22

Assigner: MITRE

Description
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-22
Last Modified
2025-12-22
Generated
2026-06-16
AI Q&A
2025-12-23
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67443
EUVD
EUVD-2025-204734
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
schlix cms *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67443 is a Stored Cross-Site Scripting (XSS) vulnerability in Schlix CMS versions before v2.2.9-5. It occurs because the login form does not properly sanitize JavaScript in incorrect login attempt logs. When an attacker crafts a malicious payload embedded in a URL and tricks an administrator into clicking it, the malicious script is stored and executed in the admin panel when viewing the login logs. This allows the attacker to execute arbitrary JavaScript in the context of the admin's browser. [1]

Impact Analysis

This vulnerability can lead to session hijacking, credential disclosure through stolen cookies or localStorage, phishing attacks, or forced actions performed with the administrator's privileges. The impact depends on the context and the privileges of the affected administrator, potentially allowing attackers to compromise the admin account and the CMS environment. [1]

Detection Guidance

This vulnerability can be detected by checking if your Schlix CMS version is prior to v2.2.9-5 and by inspecting the login attempt logs in the admin panel for any suspicious or malicious JavaScript payloads embedded in the login form inputs, especially in the 'name' path segment. Since the vulnerability involves stored XSS triggered by incorrect login attempts, you can simulate incorrect login attempts with payloads in the username or URL path (e.g., /author/<payload>) and then review the admin panel logs to see if the payload executes. There are no specific commands provided, but monitoring HTTP requests for suspicious payloads and reviewing admin panel logs for script execution is recommended. [1]

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Schlix CMS to version 2.2.9-5 or later, where the vendor has applied proper sanitization to the login form logging mechanism and removed the vulnerable History tab for new users. This patch fixes the XSS vulnerability. Additionally, avoid clicking on suspicious URLs that may contain malicious payloads and restrict admin access to the login attempt logs page until the update is applied. [1, 2]

Compliance Impact

The provided resources do not specify how this XSS vulnerability in Schlix CMS affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67443. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart