PT-2025-34986 · Quick.Cms · Quick.Cms

Karol Czubernat · Published 2025-08-28 · Updated 2025-09-08 · CVE-2025-54544

CVSS v4.0: 5.3 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8
Description: QuickCMS is susceptible to a Stored Cross-Site Scripting (XSS) issue through the aDirFilesDescriptions parameter within the files editor functionality. An attacker with administrative privileges can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed when a user visits the modified page. By default, the administrative user is restricted from adding JavaScript to the website.
Recommendations: Update to a newer version that contains a fix for this issue.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-54544

Affected Products: Quick.Cms