Vulnerabilities ›

CVE-2021-47981

Medium

CWE-79 — Weakness Type

                    Published: May 16, 2026                      ·  Modified: May 19, 2026                      ·  Source: NVD                

CVSS v3

5.4

🔗 NVD Official

📄 Description (English)

Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription parameter. Attackers can craft CSRF forms targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in victim browsers when the form is submitted.

🤖 AI Executive Summary

Quick.CMS 6.7 contains a stored cross-site scripting (XSS) vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts via the sDescription parameter. Attackers can exploit this through CSRF attacks targeting the admin.php?p=sliders-form endpoint to execute arbitrary JavaScript in administrator browsers. While requiring authentication, this vulnerability poses a significant risk to organizations using Quick.CMS for content management, particularly when combined with social engineering or insider threats.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 26, 2026 06:54

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability primarily affects Saudi government agencies, municipalities, and private sector organizations using Quick.CMS for website and content management. High-risk sectors include: Government (NCA, CITC) — administrative portals and public information systems; Healthcare — hospital management systems and patient information portals; Education — university and school content management systems; Media and Publishing — news organizations and digital content platforms. The stored XSS nature allows persistent compromise of administrative interfaces, potentially leading to unauthorized access, data theft, or malware distribution to website visitors.

🏢 Affected Saudi Sectors

Government Healthcare Education Media and Publishing Telecommunications Financial Services Retail and E-commerce

🎯 MITRE ATT&CK Techniques

T1190 — Exploit Public-Facing Application T1598 — Phishing T1566 — Phishing (email-based CSRF delivery) T1059 — Command and Scripting Interpreter (JavaScript execution) T1539 — Steal Web Session Cookie T1040 — Network Sniffing (session hijacking) T1021 — Remote Services (lateral movement via compromised admin account)

⚖️ Saudi Risk Score (AI)

6.2

/ 10.0

🔧 Remediation Steps (English)

Immediate Actions:

1. Audit all Quick.CMS 6.7 installations in your environment and document their usage

2. Restrict access to admin.php?p=sliders-form to trusted IP addresses only

3. Implement Web Application Firewall (WAF) rules to block XSS payloads in the sDescription parameter

4. Review audit logs for suspicious slider form submissions and XSS payload attempts



Patching Guidance:

1. Contact Quick.CMS vendor for security updates or migrate to alternative CMS solutions

2. If no patch is available, implement input validation and output encoding at the application level

3. Apply HTML entity encoding to all user inputs in the sDescription field before storage and display



Compensating Controls:

1. Implement Content Security Policy (CSP) headers to prevent inline script execution

2. Enable HTTP-only and Secure flags on session cookies

3. Enforce strong authentication (MFA) for all administrative accounts

4. Implement CSRF tokens on all state-changing forms

5. Deploy endpoint detection and response (EDR) solutions to monitor for suspicious JavaScript execution



Detection Rules:

1. Monitor for POST requests to admin.php?p=sliders-form with script tags or event handlers in parameters

2. Alert on sDescription parameter containing: <script>, javascript:, onerror=, onload=, onclick=

3. Track administrative account logins followed by slider form modifications

4. Monitor for unusual JavaScript execution in admin panel sessions

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بتدقيق جميع تثبيتات Quick.CMS 6.7 في بيئتك وتوثيق استخدامها

2. قيد الوصول إلى admin.php?p=sliders-form إلى عناوين IP الموثوقة فقط

3. تطبيق قواعد جدار حماية تطبيقات الويب (WAF) لحظر حمولات XSS في معامل sDescription

4. مراجعة سجلات التدقيق لعمليات إرسال نموذج المنزلقات المريبة ومحاولات حمولات XSS

إرشادات التصحيح:

1. اتصل بمورد Quick.CMS للحصول على تحديثات الأمان أو الهجرة إلى حلول CMS بديلة

2. إذا لم يكن هناك تصحيح متاح، قم بتطبيق التحقق من الإدخال والترميز الناتج على مستوى التطبيق

3. تطبيق ترميز كيان HTML على جميع مدخلات المستخدم في حقل sDescription قبل التخزين والعرض

الضوابط البديلة:

1. تطبيق رؤوس سياسة أمان المحتوى (CSP) لمنع تنفيذ البرامج النصية المضمنة

2. تفعيل علامات HTTP-only و Secure على ملفات تعريف الجلسة

3. فرض المصادقة القوية (MFA) لجميع الحسابات الإدارية

4. تطبيق رموز CSRF على جميع النماذج التي تغير الحالة

5. نشر حلول الكشف والاستجابة للنقاط النهائية (EDR) لمراقبة تنفيذ JavaScript المريب

قواعد الكشف:

1. مراقبة طلبات POST إلى admin.php?p=sliders-form بعلامات البرامج النصية أو معالجات الأحداث في المعاملات

2. التنبيه على معامل sDescription يحتوي على: <script>، javascript:، onerror=، onload=، onclick=

3. تتبع عمليات تسجيل الدخول للحساب الإداري متبوعة بتعديلات نموذج المنزلق

4. مراقبة تنفيذ JavaScript غير العادي في جلسات لوحة التحكم

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 — Information Security Policies (secure coding practices) A.6.2.1 — User Access Management (authentication and authorization controls) A.6.2.2 — User Access Rights (principle of least privilege for admin access) A.7.1.1 — Cryptography (secure session management) A.8.2.1 — Classification of Information (protection of administrative interfaces) A.8.2.3 — Handling of Assets (secure development practices) A.9.2.1 — User Endpoint Devices (XSS prevention controls) A.12.2.1 — Change Management (patch management procedures)

🔵 SAMA CSF

Governance & Risk Management — vulnerability management and patch management Information & Cybersecurity — secure coding and input validation Operational Resilience — incident detection and response capabilities Third-Party Risk Management — vendor security assessment for CMS solutions

🟡 ISO 27001:2022

A.5.1.1 — Information security policies and procedures A.6.2.1 — User registration and access rights management A.8.2.3 — Segregation of duties (admin access controls) A.12.2.1 — Change management procedures A.12.6.1 — Management of technical vulnerabilities A.14.2.1 — Secure development policy A.14.2.5 — Secure development environment

🟣 PCI DSS v4.0.1

Requirement 6.5.1 — Injection flaws prevention Requirement 6.5.7 — Cross-site scripting (XSS) prevention Requirement 6.2 — Security patches and updates Requirement 8.2.1 — User authentication and access control

🔗 References & Sources 4

🔗

https://opensolution.org/

disclosure@vulncheck.com

🔗

https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip

disclosure@vulncheck.com

🔗

https://www.exploit-db.com/exploits/50530

disclosure@vulncheck.com

🔗

https://www.vulncheck.com/advisories/quick-cms-cross-site-scripting-via-csrf-to-sliders...

disclosure@vulncheck.com

📊 CVSS Score

5.4

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionR — Required

ScopeC — Changed

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityN — None / Network

📋 Quick Facts

Severity Medium

CVSS Score5.4

CWECWE-79

EPSS0.03%

Exploit No

Patch ✗ No

Published 2026-05-16

Source Feed nvd

🇸🇦 Saudi Risk Score

6.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-79

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2021-47981

Introduce Yourself

Sign In Required