CVE-2025-10018

Name of the Vulnerable Software and Affected Versions QuickCMS version 6.8 QuickCMS (affected versions not specified)

Description QuickCMS is susceptible to multiple Stored Cross-Site Scripting (XSS) issues within the language editor functionality, specifically in the 'languages' section. An attacker possessing administrative privileges can inject arbitrary HTML and JavaScript code into the website. This injected code will be rendered and executed on every page viewed by users. The vendor was informed of this issue but did not provide details regarding vulnerable version ranges. While version 6.8 was confirmed as vulnerable, other versions have not been tested and may also be affected.

Recommendations Update to a newer version that contains a fix for this vulnerability.