Stored XSS Vulnerability in QuickCMS by OpenSolution
CVE-2025-54544

5.3 MEDIUM

Key Information:

Status
Vendor
CVE Published: 28 August 2025

What is CVE-2025-54544?

QuickCMS is susceptible to a Stored XSS vulnerability through the aDirFilesDescriptions parameter within its file editor functionality. An attacker with administrative privileges can insert malicious HTML and JavaScript code, which will be executed when users access the edited page. While the vendor was informed about the issue, further details regarding other affected versions remain unconfirmed. Currently, version 6.8 is the only version validated as vulnerable, posing risks to any site utilizing this content management system.

Affected Version(s)

QuickCMS 6.8

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Karol Czubernat