4 matches found
EUVD-2021-34817
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and...
CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
Schlix CMS cross-site scripting vulnerability
Schlix CMS is a set of open-source content management systems developed by Schlix company, based on PHP and MySQL. The Schlix CMS 2.2.6-6 version has a cross-site scripting vulnerability. This vulnerability stems from the storage-based cross-site scripting in category titles, which may lead to th...
Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Exploit Title: Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting Authenticated Date: 2021-05-05 Exploit Author: Emircan Baş Vendor Homepage: https://www.schlix.com/ Software Link: https://www.schlix.com/downloads/schlix-cms/schlix-cms-v2.2.6-6.zip Version: 2.2.6-6 Tested on: Windows &...