CVE-2021-47981
published 2026-05-16
CVE-2021-47981: Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting…
Priority: P4 · 24 · medium · 5.4 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.18% (7.6th percentile)
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opensolution | quick.cms | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.1 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Opensolution Quick.CMS 6.7 sDescription cross site scripting (Exploit 50530 / EUVD-2021-34836)
vuldb·2026-05-16·CVSS 5.1
CVE-2021-47981 [MEDIUM] Opensolution Quick.CMS 6.7 sDescription cross site scripting (Exploit 50530 / EUVD-2021-34836)
A vulnerability, which was classified as problematic, was found in Opensolution Quick.CMS 6.7. This affects an unknown part. Executing a manipulation of the argument sDescription can lead to cross site scripting.
This vulnerability is handled as CVE-2021-47981. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-g33h-xxgx-7c28: Quick
ghsa_unreviewed·2026-05-16
CVE-2021-47981 [MEDIUM] CWE-79 GHSA-g33h-xxgx-7c28: Quick
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-05-16
Published