Skip to main content

Quick Cms CVE-2023-43343

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2023-10-05 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 05, 2023 - 22:15 nvd
MEDIUM 5.4

DescriptionNVD

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component.

AnalysisAI

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. Affected products include: Opensolution Quick Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-43345 HIGH POC
8.6 Oct 19

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary co

CVE-2023-43346 MEDIUM POC
5.4 Oct 20

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary co

CVE-2023-43344 MEDIUM POC
5.4 Oct 19

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary co

CVE-2023-43342 MEDIUM POC
5.4 Oct 19

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary co

CVE-2012-3833 MEDIUM POC
4.3 Jul 03

Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to

CVE-2026-11860 HIGH
7.5 Jun 15

Unsafe PHP deserialization in Quick.CMS by OpenSolution lets an on-path attacker who can tamper with the plaintext HTTP

CVE-2025-9982 MEDIUM
6.9 Nov 14

A vulnerability exists in QuickCMS version 6.8 where sensitive admin credentials are hardcoded in a configuration file a

CVE-2025-10018 MEDIUM
4.8 Nov 14

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Rated medium severity (CVSS

CVE-2025-55175 MEDIUM
5.1 Aug 28

QuickCMS is vulnerable to Reflected XSS via sLangEdit parameter in admin's panel functionality. Rated medium severity (C

CVE-2025-54544 MEDIUM
5.3 Aug 28

QuickCMS is vulnerable to Stored XSS via aDirFilesDescriptions parameter in files editor functionality. Rated medium sev

CVE-2025-54543 MEDIUM
5.3 Aug 28

QuickCMS is vulnerable to Stored XSS via sDescriptionMeta parameter in page editor SEO functionality. Rated medium sever

CVE-2025-54542 MEDIUM
6.9 Aug 28

QuickCMS sends password and login via GET Request. Rated medium severity (CVSS 6.9), this vulnerability is no authentica

Share

CVE-2023-43343 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy