National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:quickappscms:quickapps_cms:2.0.0:beta2
There are 3 matching records.
Vuln ID Summary CVSS Severity

An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.

Published: September 16, 2018; 05:29:01 PM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM

CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.

Published: March 28, 2018; 12:29:00 AM -04:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM

QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account

Published: January 03, 2018; 09:29:00 AM -05:00
V3.0: 5.4 MEDIUM
    V2: 3.5 LOW