CVE-2025-54543

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8

Description: QuickCMS is susceptible to a Stored Cross-Site Scripting (XSS) issue through the sDescriptionMeta parameter within the page editor's SEO functionality. An attacker possessing administrative privileges can inject arbitrary HTML and JavaScript code into a website. This injected code will be rendered and executed when a user visits the modified page. By default, the admin user is not able to add JavaScript into the website.

Recommendations: Update to a newer version that contains a fix for this issue.