XSS in Opensolution Quickcms
CVE-2026-33386
QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the opensolution.org server and serving arb…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (9.9th percentile) — read the EPSS interpretation.
Affected products
- Opensolution Quickcms — versions 0
Weakness classification (CWE)
References
- cvd@cert.pl (third-party-advisory)
- cvd@cert.pl (product)