CVE-2025-54540 in QuickCMSthông tin

Tóm tắt

Bởi MITRE • 28/08/2025

QuickCMS is vulnerable to Reflected XSS via sSort parameter in admin's panel functionality. A malicious attacker can craft a specially crafted URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

chịu trách nhiệm

CERT-PL

Đặt trước

24/07/2025

Tiết lộ

28/08/2025

Kiểm duyệt

được chấp nhận

EPSS

0.00236

KEV

không

Các hoạt động

rất thấp

Nguồn

Want to know what is going to be exploited?

We predict KEV entries!