84 matches found
EUVD-2023-47761
Malicious code in bioql PyPI...
EUVD-2023-47759
Malicious code in bioql PyPI...
EUVD-2023-47762
Malicious code in bioql PyPI...
CVE-2025-54540
QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn...
CVE-2025-54543 Stored XSS in QuickCMS
QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add...
PT-2025-34984
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS transmits passwords and login credentials via GET requests, potentially allowing a local attacker with access to a victim’s browser history to obtain credentials and log in as the user...
CVE-2025-54175
QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...
PT-2025-34052
Name of the Vulnerable Software and Affected Versions: QuickCMS.EXT version 6.8 QuickCMS.EXT affected versions not specified Description: QuickCMS.EXT is susceptible to a Reflected Cross-Site Scripting XSS issue within the thumbnail viewer functionality. An attacker can create a malicious URL tha...
PT-2025-34050
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Stored Cross-Site Scripting XSS in the sTitle parameter within the page editor functionality. A malicious attacker with admin privileges can...
CVE-2023-43343
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component...
CVE-2023-43346
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...
CVE-2023-43342
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component...
OpenSolution Quick CMS 安全漏洞
OpenSolution Quick CMS is a free content management system from the OpenSolution organization. A security vulnerability exists in OpenSolution Quick CMS version 6.7 that stems from improper validation of user-supplied input, absolute path traversal, and allows an attacker to delete files stored o...
Quick CMS 6.7 Shell Upload Vulnerability
Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php, database/config.php Affected...
Quick CMS 6.7 Shell Upload
Title : Authenticated Shell Upload Product : Quick CMS Vendor : https://opensolution.org/ Affected Version : 6.7 Researcher : Eagle Eye Tested on : Window & Linux Date : 11/06/2024 Report : Already contact the vendor but no response Affected path : admin.php , core/common-admin.php,...
Quick CMS v6.7 en 2023 - 'password' SQLi
Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Date: 03/19/2024 Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password paramete...
Quick CMS v6.7 en 2023 - (password) SQL injection Vulnerability
Title: Quick CMS v6.7 en 2023 - 'password' SQLi Author: nu11secur1ty Vendor: https://opensolution.org/ Software: https://opensolution.org/download/home.html?sFile=Quick.Cmsv6.7-en.zip Reference: https://portswigger.net/web-security/sql-injection Description: The password parameter is vulnerable f...
CVE-2023-43346
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...
CVE-2023-43346
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...
Cross site scripting
Cross-site scripting XSS vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component...