VYPR

Schlix CMS

by Schlix

CVEs (2)

  • CVE-2019-11021HigOct 24, 2019
    risk 0.47cvss 7.2epss 0.02

    admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's…

  • CVE-2021-47834MedJan 16, 2026
    risk 0.42cvss 6.4epss 0.00

    Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other…