119 matches found
CVE-2025-54172
QuickCMS is vulnerable to Stored XSS in the sTitle parameter in the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. A regular admin user is not able to inject any JS scripts into th...
CVE-2025-54174
QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54175 Reflected Cross-Site Scripting in QuickCMS.EXT
QuickCMS.EXT is vulnerable to Reflected XSS in the sFileName parameter in the thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this vulnerability, but didn't respon...
CVE-2025-54175
QuickCMS.EXT is affected by a Reflected XSS in the sFileName parameter of the thumbnail viewer. The issue allows arbitrary JavaScript execution via a crafted URL. Only version 6.8 has been tested and confirmed vulnerable; other versions may also be affected. The vendor was notified but did not pr...
CVE-2025-54174 Cross-Site Request Forgery in QuickCMS
QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified...
CVE-2025-54174
CVE-2025-54174 concerns QuickCMS: a Cross-Site Request Forgery in the article creation flow. An attacker could lure an admin to a crafted site, triggering a POST to create a malicious article with attacker-defined content. Documented impact is limited to the described CSRF behavior; exploitation ...
CVE-2025-54172 Stored Cross-Site Scripting in QuickCMS
QuickCMS is vulnerable to Stored XSS in the sTitle parameter in the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. A regular admin user is not able to inject any JS scripts into th...
CVE-2025-54172
CVE-2025-54172 affects QuickCMS. The vulnerability is a Stored XSS in the sTitle parameter of the page editor. An attacker with admin privileges can inject arbitrary HTML/JS that will be rendered when visiting the edited page; regular admin users cannot inject scripts. Only version 6.8 was teste...
Open Solution QuickCMS Cross-Site Request Forgery Vulnerability
Open Solution QuickCMS is an open source content management system from Open Solution. A cross-site request forgery vulnerability exists in Open Solution QuickCMS version 6.8, which stems from vulnerability to cross-site request forgery attacks...
Open Solution QuickCMS Cross-Site Scripting Vulnerability
Open Solution QuickCMS is an open source content management system from Open Solution. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from improper neutralization of the sFileName parameter input and could lead to a reflected cross-site scripting attack...
PT-2025-34051
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 QuickCMS affected versions not specified Description: QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website that, when visited by an...
Open Solution QuickCMS Cross-Site Scripting Vulnerability
Open Solution QuickCMS is an open source content management system from Open Solution. A cross-site scripting vulnerability exists in Open Solution QuickCMS version 6.8, which stems from improper neutralization of the sTitle parameter input and could lead to a stored cross-site scripting attack...
CVE-2020-35754
OpenSolution Quick.CMS 6.7 and Quick.Cart 6.7 allow an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Language tab...
QuickCms 5.4 - Multiple Vulnerabilities
No description provided by source. Exploit Title: QuickCms 5.4 Multiple Vulnerabilities Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area:...
Quick.CMS 5.4 - Multiple Vulnerabilities
Exploit Title: QuickCms 5.4 Multiple Vulnerabilities Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...
QuickCms 5.4 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: QuickCms 5.4 Multiple Vulnerabilities Date: 04/08/2014 Author: shpendk Software Link: http://opensolution.org/download,en,18.html?sFile=Quick.Cms/Quick.Cmsv5.4.zip Version: 5.4 Tested on: Xampp on Windows Reflected XSS Vulnerability in Admin Area: Trigger:...