PT-2025-34982 · Quick.Cms · Quick.Cms
Karol Czubernat · Published 2025-08-28 · Updated 2025-09-08 · CVE-2025-54540
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
QuickCMS version 6.8
Description:
QuickCMS is susceptible to Reflected Cross-Site Scripting (XSS) through the sSort parameter within the admin panel functionality. An attacker can leverage this to execute arbitrary JavaScript code in a victim’s browser by crafting a malicious URL.
Recommendations:
QuickCMS version 6.8: Address the issue by sanitizing user input for the sSort parameter to prevent the injection of malicious scripts.
Fix
XSS
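One way to apply the recommendation above, as an added example that is not code from Quick.Cms or from this advisory: accept sSort only if it matches an allow-list, and HTML-encode anything written back into the page. The sort keys, the default and the function names are assumptions, since the page does not show how Quick.Cms uses sSort.

```php
<?php
declare(strict_types=1);

// Hypothetical sort keys; the advisory does not list the values Quick.Cms accepts.
const ALLOWED_SORTS = ['name', 'position', 'date'];
const DEFAULT_SORT  = 'position';

/**
 * Return a sort key that is guaranteed to be one of ALLOWED_SORTS.
 * Arrays (?sSort[]=x), missing values and unknown strings fall back to the default.
 */
function safeSort(mixed $raw): string
{
    if (!is_string($raw)) {
        return DEFAULT_SORT;
    }
    return in_array($raw, ALLOWED_SORTS, true) ? $raw : DEFAULT_SORT;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a sort link: the value is validated, URL-encoded, then HTML-encoded. */
function sortLink(mixed $sort, string $label): string
{
    $href = '?' . http_build_query(['sSort' => safeSort($sort)]);
    return '<a href="' . h($href) . '">' . h($label) . '</a>';
}

// Constructed inputs: a legitimate value, an array, and a markup-bearing string.
$samples = ['date', ['x'], '"><i>test</i>'];
foreach ($samples as $raw) {
    $shown = is_string($raw) ? $raw : 'array';
    echo h($shown) . ' => ' . safeSort($raw) . PHP_EOL;
}

// The rejected value never reaches the markup; the label is encoded on output.
echo sortLink('"><i>test</i>', 'Sort by "date"') . PHP_EOL;
```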
Affected Products
Quick.Cms