CVE-2023-43345

HIGH

Quick CMS 6.7 - Stored Cross-Site Scripting via Pages Menu Content Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-43345. PoCs published by sromanhu.

AI-analyzed exploit summary This repository documents a stored XSS vulnerability in Quick CMS v6.7, where the 'Content - Name' field in the Pages Menu fails to sanitize input, allowing arbitrary JavaScript execution. The PoC demonstrates an SVG-based payload that triggers an alert with the document domain.

Description

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu component.

Exploits (1)

nomisec WRITEUP

by sromanhu · poc

https://github.com/sromanhu/CVE-2023-43345-Quick-CMS-Stored-XSS---Pages-Content

View Code ZIP pw:eip

This repository documents a stored XSS vulnerability in Quick CMS v6.7, where the 'Content - Name' field in the Pages Menu fails to sanitize input, allowing arbitrary JavaScript execution. The PoC demonstrates an SVG-based payload that triggers an alert with the document domain.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Quick CMS v6.7

Auth required

Prerequisites: Access to the Quick CMS admin panel · Ability to edit the 'Content - Name' field in the Pages Menu

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/sromanhu/CVE-2023-43345-Quick-CMS-Stored-XSS---Pages-Content

Scores

CVSS v3 8.6

EPSS 0.0036

EPSS Percentile 27.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Products (1)

opensolution/quick_cms 6.7

Published Oct 19, 2023

Tracked Since Feb 18, 2026