quickapps/cms

quickapps/cms

Releases12

Frequency3 months 3 weeks

Last Release about 11 years ago

Stars163

Modular CMS powered by CakePHP

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-17102 ↗	Sep 16, 2018Sunday, 16 September 2018, 21:29	—	6.8 MEDIUM
An issue was discovered in QuickAppsCMS (aka QACMS) through 2.0.0-beta2. A CSRF vulnerability can change the administrator password via the user/me URI.
CVE-2018-9108 ↗	Mar 28, 2018Wednesday, 28 March 2018, 04:29	—	6.8 MEDIUM
CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an unauthorized remote attacker to create an account with admin privileges.
CVE-2017-1000495 ↗	Jan 3, 2018Wednesday, 3 January 2018, 14:29	—	3.5 LOW
QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account