Reflected Cross-Site Scripting in QuickCMS.EXT_CVE-2025-54175

4.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

QuickCMS.EXT is vulnerable to Reflected XSS in sFileName parameter in thumbnail viewer functionality. An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened.

The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Basic Information

ID CVE-2025-54175

Source CERT-PL

Published Aug 20, 2025 at 12:53

Affected Product

Vendor OpenSolution

Product Quick.CMS.EXT

Version 6.8

Affected Versions OpenSolution Quick.CMS.EXT 6.8

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "QuickCMS.EXT is vulnerable to Reflected XSS in sFileName\u00a0parameter in thumbnail viewer\u00a0functionality. \u00a0An attacker can craft a malicious URL that results in arbitrary JavaScript execution in the victim's browser when opened.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.",
    "published": "2025-08-20T12:53:23.786Z",
    "modified": "2025-08-20T12:53:23.786Z",
    "type": "cve",
    "title": "Reflected Cross-Site Scripting in QuickCMS.EXT",
    "source": "CERT-PL",
    "references": "https://cert.pl/posts/2025/08/CVE-2025-54172\nhttps://opensolution.org/professional-cms-system-quick-cms-ext.html",
    "id": "CVE-2025-54175",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "OpenSolution Quick.CMS.EXT 6.8",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Quick.CMS.EXT",
    "version": "6.8",
    "vendor": "OpenSolution",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}