Opensolution Quickcms
14 CVEs affecting Opensolution Quickcms. Latest disclosed: 2026-05-29. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33386 | | | 2026-05-29 | QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑M… |
| CVE-2026-33384 | | | 2026-05-29 | QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour e… |
| CVE-2026-1468 | | | 2026-03-06 | QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will a… |
| CVE-2025-12465 | | | 2025-12-02 | A Blind SQL injection vulnerability has been identified in QuickCMS. Improper neutralization of input provided by a high-privileged user into aFilesDelete allo… |
| CVE-2025-10018 | | | 2025-11-14 | QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML… |
| CVE-2025-9982 | | | 2025-11-14 | A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in plaintext. This flaw allow… |
| CVE-2025-9981 | | | 2025-10-23 | QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can inject arbitrary HTML… |
| CVE-2025-9980 | | | 2025-10-23 | QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can inject arbitrary HTML and… |
| CVE-2025-55175 | | | 2025-08-28 | QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, wh… |
| CVE-2025-54544 | | | 2025-08-28 | QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin privileges can inject arb… |
| CVE-2025-54543 | | | 2025-08-28 | QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin privileges can inject arbit… |
| CVE-2025-54542 | | | 2025-08-28 | QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the necessary credentials… |
| CVE-2025-54541 | | | 2025-08-28 | QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which when visited by the ad… |
| CVE-2025-54540 | | | 2025-08-28 | QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when o… |