Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-54174
Assigner-CERT.PL
ShareView Details
Assigner-CERT.PL
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 5.07%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 12:53
Updated-20 Aug, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cross-Site Request Forgery in QuickCMS

QuickCMS is vulnerable to Cross-Site Request Forgery in article creation functionality. Malicious attacker can craft special website, which when visited by the admin, will automatically send a POST request creating a malicious article with content defined by the attacker. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Action-Not Available
Vendor-OpenSolution
Product-Quick.CMS
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-54172
Assigner-CERT.PL
ShareView Details
Assigner-CERT.PL
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 17.50%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 12:52
Updated-20 Aug, 2025 | 15:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored Cross-Site Scripting in QuickCMS

QuickCMS is vulnerable to Stored XSS in sTitle parameter in page editor functionality. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. Regular admin user is not able to inject any JS scripts into the page. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Action-Not Available
Vendor-OpenSolution
Product-Quick.CMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-11992
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.1||CRITICAL
EPSS-0.55% / 66.90%
||
7 Day CHG~0.00%
Published-29 Nov, 2024 | 13:06
Updated-29 Nov, 2024 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal vulnerability in Quick.CMS

Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input.

Action-Not Available
Vendor-Quick.CMSquick.cms
Product-Quick.CMSquick.cms
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')