PT-2025-34050 · Quick.Cms · Quick.Cms

Kamil Szczurowski +1 · Published 2025-08-20 · Updated 2025-09-08 · CVE-2025-54172

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8; QuickCMS (affected versions not specified)
Description: QuickCMS is vulnerable to Stored Cross-Site Scripting (XSS) in the sTitle parameter within the page editor functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JavaScript into the website, which will be rendered and executed when visiting the edited page. A regular admin user is not able to inject any JavaScript scripts into the page. The vendor was notified about this issue but did not respond with details regarding vulnerable version ranges.
Recommendations: QuickCMS version 6.8: As a temporary workaround, sanitize the sTitle input to prevent the injection of malicious HTML and JavaScript code. QuickCMS (affected versions not specified): As a temporary workaround, sanitize the sTitle input to prevent the injection of malicious HTML and JavaScript code.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-54172

Affected Products: Quick.Cms