An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/system.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/slideshow.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/user.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/down.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/news.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/album.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/category.php has XSS.
4.8CVSS
5.2AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. upload/System/Controller/guest.php has XSS, as demonstrated by the name parameter, a different vulnerability than CVE-2018-8070.
6.1CVSS
5.6AI Score
0.001EPSS
An issue was discovered in QCMS 3.0.1. CSRF exists via the backend/user/admin/add.html URI.
8.8CVSS
8.6AI Score
0.001EPSS
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
7.5CVSS
7.4AI Score
0.003EPSS