Opensolution Quick.cms — known CVE vulnerabilities
Every CVE whose affected-product data names Opensolution Quick.cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2025-9982 — CVSS 7.5 (high): A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file and stored in…
CVE-2020-35754 — CVSS 7.2 (high): OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code…
CVE-2009-4121 — CVSS 6.8 (medium): Multiple cross-site request forgery (CSRF) vulnerabilities in Quick.CMS 2.4 and Quick.CMS.Lite 2.4 allow remote attackers to hijack the…
CVE-2025-54540 — CVSS 6.1 (medium): QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially…
CVE-2025-55175 — CVSS 6.1 (medium): QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. A malicious attacker can craft a specially…
CVE-2025-54542 — CVSS 5.5 (medium): QuickCMS sends password and login via GET Request. This allows a local attacker with access to the victim's browser history to obtain the…
CVE-2025-10018 — CVSS 4.8 (medium): QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can…
CVE-2025-54172 — CVSS 4.8 (medium): QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject…
CVE-2025-54544 — CVSS 4.8 (medium): QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Malicious attacker with admin…
CVE-2025-9980 — CVSS 4.8 (medium): QuickCMS is vulnerable to multiple Stored XSS in page editor functionality (pages-form). Malicious attacker with admin privileges can…
CVE-2025-9981 — CVSS 4.8 (medium): QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality (sliders-form). Malicious attacker with admin privileges can…
CVE-2025-54543 — CVSS 4.8 (medium): QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Malicious attacker with admin…
CVE-2025-54541 — CVSS 4.3 (medium): QuickCMS is vulnerable to Cross-Site Request Forgery in page deletion functionality. Malicious attacker can craft special website, which…
CVE-2025-54174 — CVSS 4.3 (medium): QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which…
CVE-2012-3833 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary…