Vulnerabilities in OpenSolution QuickCMS software

CERT Polska published a coordinated disclosure for six vulnerabilities in OpenSolution QuickCMS 6.8 (CVE-2025-54540, CVE-2025-54541, CVE-2025-54542, CVE-2025-54543, CVE-2025-54544, CVE-2025-55175) including reflected and stored XSS issues, a CSRF that can delete pages, and a flaw that transmits credentials via GET; the report describes attack vectors, impacts, and credits the reporter while noting only version 6.8 was tested.