XSS in Opensolution Quickcms

CVE-2025-54543

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edi…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (14.1th percentile) — read the EPSS interpretation.

Affected products

Opensolution Quickcms — versions 6.8

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cert.pl/posts/2025/08/CVE-2025-54540 (third-party-advisory)
opensolution.org (product)