Browse all 4 CVE security advisories affecting QDOCS. AI-powered Chinese analysis, POCs, and references for each vulnerability.
QDocs is a document management system designed for secure file storage and collaboration. Historically, it has been susceptible to multiple vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, with four CVEs documented to date. The platform's security architecture has faced scrutiny for insufficient input validation and access control flaws, potentially allowing unauthorized access or system compromise. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices. Organizations implementing QDocs should prioritize regular patching and hardening to mitigate potential exploitation risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4991 | QDOCS Smart School Management System Admission Enquiry enquiry cross site scripting — Smart School Management SystemCWE-79 | 3.5 | Low | 2026-03-27 |
| CVE-2025-41107 | Stored XSS in Smart School — Smart SchooCWE-79 | 6.1 | - | 2025-11-10 |
| CVE-2024-8784 | QDocs Smart School Management System Chat mynewuser sql injection — Smart School Management SystemCWE-89 | 6.3 | Medium | 2024-09-13 |
| CVE-2023-5495 | QDocs Smart School HTTP POST Request sql injection — Smart SchoolCWE-89 | 6.3 | Medium | 2023-10-10 |
This page lists every published CVE security advisory associated with QDOCS. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.