Opensolution

Quick Cms

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2025-54544

  • EPSS 0.18%
  • Veröffentlicht 28.08.2025 11:15:32
  • Zuletzt bearbeitet 08.09.2025 17:15:28

QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page....

4.8

CVE-2025-54543

  • EPSS 0.18%
  • Veröffentlicht 28.08.2025 11:15:32
  • Zuletzt bearbeitet 08.09.2025 16:56:05

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. B...

5.5

CVE-2025-54542

  • EPSS 0.12%
  • Veröffentlicht 28.08.2025 11:15:32
  • Zuletzt bearbeitet 08.09.2025 16:56:12

QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials to log in as the user. The vendor was notified early about this vulnerability, but didn't...

4.3

CVE-2025-54541

  • EPSS 0.14%
  • Veröffentlicht 28.08.2025 11:15:32
  • Zuletzt bearbeitet 08.09.2025 16:56:22

QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request deleting an article. The vendor was notified e...

6.1

CVE-2025-54540

  • EPSS 0.24%
  • Veröffentlicht 28.08.2025 11:15:30
  • Zuletzt bearbeitet 08.09.2025 17:06:51

QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. The vendor was n...

5.4

CVE-2023-43346

Exploit
  • EPSS 0.49%
  • Veröffentlicht 20.10.2023 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:24:02

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component.

8.6

CVE-2023-43345

Exploit
  • EPSS 0.36%
  • Veröffentlicht 19.10.2023 23:15:08
  • Zuletzt bearbeitet 21.11.2024 08:24:01

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.

5.4

CVE-2023-43344

Exploit
  • EPSS 0.64%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:01

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component.

5.4

CVE-2023-43342

Exploit
  • EPSS 0.49%
  • Veröffentlicht 19.10.2023 22:15:09
  • Zuletzt bearbeitet 21.11.2024 08:24:01

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component.

5.4

CVE-2023-43343

Exploit
  • EPSS 0.68%
  • Veröffentlicht 05.10.2023 22:15:12
  • Zuletzt bearbeitet 21.11.2024 08:24:01

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.