VYPR

Quick.CMS

by Open Solution

CVEs (30)

  • CVE-2025-54175Aug 20, 2025
    risk 0.00cvss epss 0.00

    QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality.  An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened. The vendor was notified early about this…

  • CVE-2025-54174Aug 20, 2025
    risk 0.00cvss epss 0.00

    QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The…

  • CVE-2025-54172Aug 20, 2025
    risk 0.00cvss epss 0.00

    QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any…

  • CVE-2023-43346Oct 20, 2023
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.

  • CVE-2023-43344Oct 19, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.

  • CVE-2023-43345Oct 19, 2023
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.

  • CVE-2023-43342Oct 19, 2023
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.

  • CVE-2023-43343Oct 5, 2023
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.

  • CVE-2012-3833Jul 3, 2012
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

  • CVE-2009-4121Dec 1, 2009
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the authentication of the administrator for requests that (1) delete web pages via a p-delete action to admin.php, and possibly (2) delete products…

Page 2 of 2