CVE-2025-9980 is a stored Cross-Site Scripting (XSS) vulnerability identified in OpenSolution QuickCMS version 6.8. The vulnerability arises from improper neutralization of input during web page generation, specifically within the page editor functionality (pages-form). An attacker with administrative privileges can inject arbitrary HTML and JavaScript code into the website content, which is then stored and executed when any user visits the affected page. Although the default configuration restricts admin users from adding JavaScript, this vulnerability circumvents such restrictions, enabling script injection. The vendor was notified early but has not disclosed detailed information about the vulnerability or the full range of affected versions, leaving uncertainty about other versions' exposure. The CVSS 4.0 base score is 4.8 (medium severity), reflecting the requirement for high privileges (admin) and user interaction to trigger the exploit, but with network attack vector and low attack complexity. No patches or known exploits are currently available. The vulnerability could be leveraged for session hijacking, defacement, or delivering malicious payloads to site visitors, potentially compromising confidentiality and integrity of user data. The scope is limited to QuickCMS installations running version 6.8, but other versions may also be at risk due to lack of comprehensive testing.

For European organizations using QuickCMS 6.8, this vulnerability poses a moderate risk. Since exploitation requires admin privileges, the primary threat vector is through compromised or malicious administrators. If exploited, attackers can execute arbitrary scripts in the context of the website, potentially leading to session hijacking of users, defacement of public-facing content, or distribution of malware. This can damage organizational reputation, lead to data breaches, and undermine user trust. Given the web-facing nature of CMS platforms, the vulnerability could affect any European entity relying on QuickCMS for public or internal web content management. The lack of vendor response and patches increases the risk of future exploitation. Organizations in sectors with high regulatory scrutiny (e.g., finance, healthcare, government) could face compliance issues if user data confidentiality or integrity is compromised. Additionally, the vulnerability could be leveraged in targeted attacks against European organizations with strategic or political importance, especially if attackers gain admin access through other means.

European organizations should immediately audit their QuickCMS installations to identify if version 6.8 is in use. If so, restrict admin access strictly to trusted personnel and enforce strong authentication mechanisms such as multi-factor authentication (MFA). Conduct thorough reviews of all pages edited recently for suspicious or unauthorized script content. Implement Content Security Policy (CSP) headers to limit the execution of injected scripts and reduce impact if exploitation occurs. Monitor web server logs and CMS activity for unusual admin behavior or content changes. Consider isolating the CMS environment from critical internal networks to limit lateral movement if compromised. Since no official patch is available, organizations should explore temporary workarounds such as disabling the vulnerable page editor functionality or sanitizing inputs at the web application firewall (WAF) level. Engage with OpenSolution for updates and track vulnerability disclosures. Finally, educate administrators about the risks of privilege misuse and the importance of secure content management practices.