XSS in Opensolution Quickcms
CVE-2025-55175
QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. T…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (22.8th percentile) — read the EPSS interpretation.
Affected products
- Opensolution Quickcms — versions 6.8
Weakness classification (CWE)
References
- cert.pl/posts/2025/08/CVE-2025-54540 (third-party-advisory)
- opensolution.org (product)