# Exploit Title: Quick.CMS 6.7 - Cross Site request forgery (CSRF) to Cross-site Scripting (XSS) (Authenticated) # Date: 21/04/2021 # Exploit Author: Rahad Chowdhury # Vendor Homepage: https://opensolution.org/ # Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip # Version: 6.7 # Tested on: Windows 8.1, Kali Linux, Burp Suite Steps to Reproduce: 1. At first login to your panel 2. then click the "Sliders" menu to "New Slider" 3. now intercept with the burp suite and save a new slider 4. Then use XSS payload in sDescription value. 5. Now Generate a CSRF POC