Cross-Site Request Forgery (CSRF)
An issue was discovered in QuickAppsCMS (aka QACMS). A CSRF vulnerability allows the administrator password to be changed via the user/me URI.
CSRF in /admin/user/manage/add in QuickAppsCMS allows an unauthorized remote attacker to create an account with admin privileges.
QuickApps CMS is vulnerable to stored cross-site scripting in the user's real name field, resulting in denial of service and allowing unauthorised actions to be performed with an administrator user's account.