CNNVD-202512-3979 Information
CNNVD ID
CNNVD-202512-3979
Related CVE
- CNNVD Published: 2025-12-22
Description (Chinese)
Schlix CMS是Schlix公司的一套基于PHP和MySQL的开源内容管理系统(CMS)。 Schlix CMS v2.2.9-5之前版本存在安全漏洞,该漏洞源于登录表单中缺少javascript清理,可能导致管理面板中的XSS攻击。
Description (English)
Schlix CMS is an open-source content management system (CMS) based on PHP and MySQL for Schlix. There was a security loophole in the pre-Schlix CMS v2.2.9-5 version, which stemmed from the lack of javascript clean-up in the login forms, which could lead to an XSS attack in the management panel.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Schlix
Published
2025-12-22
Last Modified
2026-02-24
References
https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2 https://www.schlix.com/news/release/december-2025-errata-5-bug-fix-release.html#:~:text=Fixed%20XSS%20vulnerability%20bug%20when%20clicking%20New%20User%20%28thank%20you%20to%20Ak%C4%B1ner%20K%C4%B1sa%20who%20reported%20this%20security%20bug%20and%20provided%20reasonable%20time%20to%20fix%29 https://access.redhat.com/security/cve/cve-2025-67443
Patch
https://www.schlix.com/html/schlix-cms-downloads.html
Share on: