XSS in Opensolution Quickcms

CVE-2025-54544

QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting e…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (14.1th percentile) — read the EPSS interpretation.

Affected products

Opensolution Quickcms — versions 6.8

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

cert.pl/posts/2025/08/CVE-2025-54540 (third-party-advisory)
opensolution.org (product)