VYPR
Vendor

Schlix

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2023-31505HigJan 31, 2024
    risk 0.47cvss 7.2epss 0.01

    An arbitrary file upload vulnerability in Schlix CMS v2.2.8-1, allows remote authenticated attackers to execute arbitrary code and obtain sensitive information via a crafted .phtml file.

  • CVE-2019-11021HigOct 24, 2019
    risk 0.47cvss 7.2epss 0.02

    admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution. NOTE: "While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's…

  • CVE-2021-47834MedJan 16, 2026
    risk 0.42cvss 6.4epss 0.00

    Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other…