XSS in Opensolution Quickcms
CVE-2025-9980
QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. By…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (6.6th percentile) — read the EPSS interpretation.
Affected products
- Opensolution Quickcms — versions 6.8
Weakness classification (CWE)
References
- cert.pl/posts/2025/10/CVE-2025-9980 (third-party-advisory)
- opensolution.org/cms-system-quick-cms.html (product)