Stored XSS Vulnerability in QuickCMS by OpenSolution
CVE-2025-54544
5.3MEDIUM
What is CVE-2025-54544?
QuickCMS is susceptible to a Stored XSS vulnerability through the aDirFilesDescriptions parameter within its file editor functionality. An attacker with administrative privileges can insert malicious HTML and JavaScript code, which will be executed when users access the edited page. While the vendor was informed about the issue, further details regarding other affected versions remain unconfirmed. Currently, version 6.8 is the only version validated as vulnerable, posing risks to any site utilizing this content management system.
Affected Version(s)
QuickCMS 6.8