XSS in Opensolution Quickcms
CVE-2025-10018
QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default a…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (6.4th percentile) — read the EPSS interpretation.
Affected products
- Opensolution Quickcms — versions 6.8
Weakness classification (CWE)
References
- cert.pl/posts/2025/11/CVE-2025-9982 (third-party-advisory)
- opensolution.org/cms-system-quick-cms.html (product)