本ページは opensolution quick_cms に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2024-58308 | Quick.CMS 6.7 contains a SQL injection vulnerability that allows unauthenticated attackers to bypass login authentication by manipulating the login form. Attackers can inject specific SQL payloads like ' or '1'='1 to gain unauthorized administrative access to the system. | [email protected] | 9.3 | 0.16% | 2025-12-11 | 2025-12-31 |
| CVE-2023-43346 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. | [email protected] | 5.4 | 0.48% | 2023-10-20 | 2024-11-21 |
| CVE-2023-43345 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component. | [email protected] | 8.6 | 0.14% | 2023-10-19 | 2024-11-21 |
| CVE-2023-43344 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages Menu component. | [email protected] | 5.4 | 0.39% | 2023-10-19 | 2024-11-21 |
| CVE-2023-43342 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. | [email protected] | 5.4 | 0.22% | 2023-10-19 | 2024-11-21 |
| CVE-2023-43343 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. | [email protected] | 5.4 | 0.49% | 2023-10-05 | 2024-11-21 |
| CVE-2012-6430 | Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140. | [email protected] | 4.3 | 10.93% | 2014-03-24 | 2026-05-06 |