Cross-Site Request Forgery in Quick.Cart by OpenSolution
CVE-2025-10317

5.1MEDIUM

Key Information:

Vendor: Opensolution
Status: Quick.cart
Vendor: CVE Published:; 30 October 2025

🔔 Create Opensolution Vulnerability Alert

What is CVE-2025-10317?

Quick.Cart, developed by OpenSolution, has a vulnerability that allows attackers to exploit Cross-Site Request Forgery (CSRF) in its product creation functionality. An attacker can design a malicious website that, when accessed by an administrator of Quick.Cart, will trigger a POST request automatically. This can lead to the unintended creation of a product with content determined by the attacker. As the software lacks adequate protection mechanisms against such CSRF attacks, all forms available within it are potentially at risk. Although version 6.7 has been confirmed vulnerable, it is unknown whether other versions may also be affected, as they have not been publicly tested.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Quick.Cart 6.7

References

https://cert.pl/posts/2025/10/CVE-2025-10317

third-party-advisory

https://opensolution.org/sklep-internetowy-quick-cart.html

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Timeline

Vulnerability published
Oct 30, 2025
Vulnerability Reserved
Sep 12, 2025

Credit

Łukasz vq4s Woźniak

JSON

Opensolution

What is CVE-2025-10317?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.