Emircan Baş

**Name of the Vulnerable Software and Affected Versions** Schlix CMS version 2.2.6-6 **Description** The application contains a persistent cross-site scripting issue. Authenticated users can inject malicious scripts into category titles. An attacker can create a new contact category with a script payload that will execute when the page is viewed by other users. The vulnerable area is the category title field. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for category titles to prevent script injection.