{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T14:18:05.939","vulnerabilities":[{"cve":{"id":"CVE-2026-1468","sourceIdentifier":"cvd@cert.pl","published":"2026-03-06T11:16:08.613","lastModified":"2026-04-27T19:22:08.623","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"QuickCMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft special website, which when visited by the victim, will automatically send a POST request with victim's privileges.\nThis software does not implement any protection against this type of attack. All forms available in this software are potentially vulnerable.\n\nThe vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.8 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable."},{"lang":"es","value":"QuickCMS es vulnerable a la falsificación de petición en sitios cruzados en múltiples puntos finales. Un atacante puede crear un sitio web especial que, al ser visitado por la víctima, enviará automáticamente una petición POST con los privilegios de la víctima.\nEste software no implementa ninguna protección contra este tipo de ataque. Todos los formularios disponibles en este software son potencialmente vulnerables.\n\nEl proveedor fue notificado con antelación sobre esta vulnerabilidad, pero no respondió con los detalles de la vulnerabilidad o el rango de versiones vulnerables. Solo la versión 6.8 fue probada y confirmada como vulnerable; otras versiones no fueron probadas y también podrían ser vulnerables."}],"metrics":{"cvssMetricV40":[{"source":"cvd@cert.pl","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"cvd@cert.pl","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"references":[{"url":"https://cert.pl/posts/2026/03/CVE-2026-1468","source":"cvd@cert.pl"},{"url":"https://opensolution.org/cms-system-quick-cms.html","source":"cvd@cert.pl"}]}}]}