2 matches found
CVE-2025-54544
QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...
PT-2025-34986
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to a Stored Cross-Site Scripting XSS issue through the aDirFilesDescriptions parameter within the files editor functionality. An attacker with administrative privileges can inject...