CVE-2021-47981

5.4 MEDIUM
Published: May 16, 2026 Modified: May 16, 2026
View on NVD

Description

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://opensolution.org/
Source: disclosure@vulncheck.com
https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip
Source: disclosure@vulncheck.com
https://www.exploit-db.com/exploits/50530
Source: disclosure@vulncheck.com
https://www.vulncheck.com/advisories/quick-cms-cross-site-scripting-via-csrf-to-sliders-form
Source: disclosure@vulncheck.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
5.4 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-79

Related CVEs

CVE-2021-47980 7.1
CVE-2021-47979 8.8
CVE-2021-47978 6.2
CVE-2021-47977 7.5
CVE-2021-47976 8.8