# Exploit Title: Quick.CMS 6.7 - Cross-site request forgery (CSRF) to Cross-site Scripting (XSS) (Authenticated) # Date: 2021-04-21 # Exploit Author: Rahad Chowdhury # Vendor Homepage: https://opensolution.org/ # Software Link: https://opensolution.org/download/home.html?sFile=Quick.Cms_v6.7-en.zip # Version: 6.7 # Tested on: Windows 8.1, Kali Linux, Burp Suite Steps to Reproduce: Steps to Reproduce: 1. At first login your panel 2. then click the "Sliders" menu to "New Slider" 3. now intercept with the burp suite and save a new slider 4. Then use XSS payload in sDescription value. 5. Now Generate a CSRF POC