PT-2025-34052 · Unknown · Quick.Cms.Ext
Kamil Szczurowski +1 · Published 2025-08-20 · Updated 2025-09-08 · CVE-2025-54175
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
QuickCMS.EXT version 6.8
QuickCMS.EXT (affected versions not specified)
Description:
QuickCMS.EXT is susceptible to a Reflected Cross-Site Scripting (XSS) issue within the thumbnail viewer functionality. An attacker can create a malicious URL that, when opened, leads to the execution of arbitrary JavaScript code in the victim’s browser. The vulnerability resides in the sFileName parameter.
Recommendations:
QuickCMS.EXT version 6.8: Address the vulnerability by sanitizing or validating the sFileName parameter within the thumbnail viewer functionality to prevent the injection of malicious scripts.
QuickCMS.EXT (affected versions not specified): Address the vulnerability by sanitizing or validating the sFileName parameter within the thumbnail viewer functionality to prevent the injection of malicious scripts.
Fix
XSS
Affected Products
Quick.Cms.Ext