VYPR

Quick.CMS

by Open Solution

CVEs (30)

  • CVE-2025-12465 · High · Dec 2, 2025
    risk 0.56 · cvss · epss 0.00

    A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allows for Blind SQL Injection attacks. The vendor was notified early about this vulnerability, but didn't respond with the…

  • CVE-2026-11860 · High · Jun 15, 2026
    risk 0.49 · cvss · epss 0.00

    Quick.CMS deserializes user-controlled data received over plaintext HTTP without ensuring integrity or authenticity. This allows attackers to tamper with serialized payloads in transit and inject malicious objects. Because deserialization is performed without proper validation…

  • CVE-2021-47981 · Med · May 16, 2026
    risk 0.35 · cvss 5.4 · epss 0.00

    Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form…

  • CVE-2026-33386 · Low · May 29, 2026
    risk 0.15 · cvss · epss 0.00

    QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the…

  • CVE-2020-35754 · Jan 28, 2021
    risk 0.04 · cvss · epss 0.10

    OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab.

  • CVE-2012-6430 · Mar 24, 2014
    risk 0.03 · cvss · epss 0.04

    Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of…

  • CVE-2009-1410 · Apr 24, 2009
    risk 0.03 · cvss · epss 0.01

    SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-4139 · Sep 24, 2008
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string.

  • CVE-2006-5834 · Nov 10, 2006
    risk 0.03 · cvss · epss 0.02

    Directory traversal vulnerability in general.php in OpenSolution Quick.Cms.Lite 0.3 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the sLanguage Cookie parameter.

  • CVE-2024-58308 · Dec 11, 2025
    risk 0.00 · cvss · epss 0.01

    Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system.

  • CVE-2025-10018 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript…

  • CVE-2025-9982 · Nov 14, 2025
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allows attackers with access to the source code or the server file system to retrieve authentication details, potentially…

  • CVE-2025-9981 · Oct 23, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript…

  • CVE-2025-9980 · Oct 23, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not able to add…

  • CVE-2025-55175 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this…

  • CVE-2025-54544 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is…

  • CVE-2025-54543 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By default admin user is not…

  • CVE-2025-54542 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't respond with the details of…

  • CVE-2025-54541 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified early about this…

  • CVE-2025-54540 · Aug 28, 2025
    risk 0.00 · cvss · epss 0.00

    QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was notified early about this…

Page 1 of 2