8 matches found

CVE
added 2025/08/28 11:15 a.m. | 7 views

CVE-2025-55175

QuickCMS is vulnerable to Reflected XSS via the sLangEdit parameter in the admin panel functionality. A malicious attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but di...

6.1 CVSS | 5.4 AI score | 0.00039 EPSS

CVE
added 2025/08/20 1:15 p.m. | 6 views

CVE-2025-54174

QuickCMS is vulnerable to Cross-Site Request Forgery in the article creation functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified ea...

5.1 CVSS | 7 AI score | 0.00029 EPSS

CVE
added 2025/08/28 11:15 a.m. | 6 views

CVE-2025-54541

QuickCMS is vulnerable to Cross-Site Request Forgery in the page deletion functionality. A malicious attacker can craft a special website which, when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this vulnerability, but didn't respond ...

6.9 CVSS | 6.1 AI score | 0.00039 EPSS

CVE
added 2025/08/28 11:15 a.m. | 6 views

CVE-2025-54542

QuickCMS sends the password and login via a GET request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vuln...

6.9 CVSS | 6.1 AI score | 0.00039 EPSS

CVE
added 2025/08/28 11:15 a.m. | 6 views

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via the sDescriptionMeta parameter in the page editor SEO functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScrip...

5.3 CVSS | 5.2 AI score | 0.00039 EPSS

CVE
added 2025/08/20 1:15 p.m. | 5 views

CVE-2025-54172

QuickCMS is vulnerable to Stored XSS in the sTitle parameter in the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. A regular admin user is not able to inject any JS scripts into the ...

4.8 CVSS | 5.9 AI score | 0.00029 EPSS

CVE
added 2025/08/28 11:15 a.m. | 5 views

CVE-2025-54540

QuickCMS is vulnerable to Reflected XSS via the sSort parameter in the admin panel functionality. A malicious attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this vulnerability, but didn't...

6.1 CVSS | 5.6 AI score | 0.00039 EPSS

CVE
added 2025/08/28 11:15 a.m. | 5 views

CVE-2025-54544

QuickCMS is vulnerable to Stored XSS via the aDirFilesDescriptions parameter in the files editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add JavaScr...

5.3 CVSS | 5.2 AI score | 0.00039 EPSS