81 matches found
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2021-47981 Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2021-47981 Quick.CMS 6.7 Cross-Site Scripting via CSRF to Sliders Form
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2021-47981
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute...
CVE-2026-1468
Product: QuickCMS. Vulnerability: Cross-Site Request Forgery (CSRF) across multiple endpoints. An attacker can lure a victim to a crafted site that automatically issues a POST request using the victim’s credentials. Root cause / vector: The software does not implement protections against CSRF on ...
CVE-2023-43344
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component...
CVE-2024-58308
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...
CVE-2024-58308
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...
CVE-2024-58308 Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...
CVE-2024-58308
Quick.CMS 6.7 contains a SQL injection in the login form that lets unauthenticated attackers bypass login and gain unauthorized administrative access. Root cause: injection in the username parameter of the login query. Impact: high risk of full admin compromise. Remediation: sanitize input in the...
CVE-2024-58308 Quick.CMS 6.7 SQL Injection Authentication Bypass via Admin Login
Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system...
Opensolution Quick.Cms SQL注入漏洞
Opensolution Quick.Cms is a website builder for building text management platforms from Opensolution Poland. An SQL injection vulnerability exists in Opensolution Quick.Cms version 6.7, which stems from an SQL injection in the login form that could lead to unauthorized administrator access...
PT-2025-50760
Name of the Vulnerable Software and Affected Versions Quick.CMS version 6.7 Description The software contains a SQL injection flaw that allows unauthenticated attackers to bypass login authentication. Attackers can manipulate the login form with SQL payloads, such as ' or '1'='1, to gain...
CVE-2025-10018
QuickCMS is vulnerable to multiple Stored XSS in language editor functionality languages. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. Th...
CVE-2025-9981
QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...
EUVD-2023-47760
Malicious code in bioql PyPI...
EUVD-2023-47759
Malicious code in bioql PyPI...
EUVD-2023-47762
Malicious code in bioql PyPI...
EUVD-2023-47763
Malicious code in bioql PyPI...
EUVD-2023-47761
Malicious code in bioql PyPI...