Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
https://gist.github.com/akinerkisa/b22f4517a4011d049c5fc7fd3b29c9f2