Schlix Cms vulnerabilities
2 known vulnerabilities affecting schlix/schlix_cms.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-47964P2HIGHCVSS 8.8v2.2.6-62026-05-15
CVE-2021-47964 [HIGH] CWE-94 CVE-2021-47964: Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attacker
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious extension packages through the block manager. Attackers can upload a crafted ZIP file containing PHP code in the packageinfo.inc file and trigger execution by accessing the About tab of the installed
nvd
CVE-2021-47834P4MEDIUMCVSS 6.4v2.2.6-62026-01-16
CVE-2021-47834 [MEDIUM] CWE-79 CVE-2021-47834: Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticate
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users.
nvd