CVE-2021-47834

Name of the Vulnerable Software and Affected Versions Schlix CMS version 2.2.6-6

Description The application contains a persistent cross-site scripting issue. Authenticated users can inject malicious scripts into category titles. An attacker can create a new contact category with a script payload that will execute when the page is viewed by other users. The vulnerable area is the category title field.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize all user-supplied input for category titles to prevent script injection.