Quick.cms

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2026-11860	Open Solution Quick.cms	Hig	0.49	—	—	Jun 15, 2026	Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation…
CVE-2012-3833	Open Solution Quick.cms		0.00	—	0.00	Jul 3, 2012	Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2009-4121	Open Solution Quick.CMS		0.00	—	0.00	Dec 1, 2009	Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products…

CVE-2026-11860HigJun 15, 2026
Open Solution
Quick.cms
risk 0.49cvss —epss —
Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation…
CVE-2012-3833Jul 3, 2012
Open Solution
Quick.cms
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
CVE-2009-4121Dec 1, 2009
Open Solution
Quick.CMS
risk 0.00cvss —epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products…