We've updated our policy regarding how we treat and protect data that is collected and used from our websites. This site also uses cookies which are necessary to its functioning and required to achieve the purposes illustrated in the policy. By using this site you agree to our use of cookies. Please read our Privacy Policy for more information and your related choices.
We want to become the best SaaSSoftware as a Service, or SaaS, is a licensing model that describes software provided on a subscription basis. SaaS software is hosted by the software provider. Subscriptions are typically monthly, or annual. CMS. Period.
Our mission is to provide our customers with a content management system that is secure, easy to use, and deployed with a lower total cost of ownership.
We're not done yet, but we seem to be on the right path.
In the News
- QuickSilk First SaaS Solution Available on GCloud.ca Marketplace Made-in-Canada marketplace allows for quick, cost-effective transactions between Canadian Government and Public Sector; Ottawa-based QuickSilk's CMS first solution available on the platform.
- We're one of the best kept secrets in Canadian software. QuickSilk looks to ramp up growth
- GoodFirms names QuickSilk as one of the Top 10 list of Best Content Management Systems.
- QuickSilk named EPIC#2019 Innovation top three finalist, for excellence in the Prevention and Investigation of Cybercrimes (EPIC) Awards, by Canadian Association of Chiefs of Police and CATAAlliance.
- ControlScan Penetration Testing Reinforces Differentiation of QuickSilk’s CMS Platform
Media Contributions
- CMS Wire
What is a Progressive Web App - Security Boulevard
Pinning Down a Phishing Definition - CMS Wire
Cloud Content Management Needs Accumulate for the Digital Workplace - Pythian
How Cloud Computing Has Transformed over the past Decade - Reader's Digest
7 Alarming Things a Hacker Can Do When They Have Your Email Address - Klipfolio
Using Website Data To Predict and Avoid a Website Hacker Attack - LegalZoom
Business Owners Offer Advice for Coping With COVID-19 Disruptions - MRC
-
AUTHENTICAT8
How Secure is your Content Management System -
Rasmussen University
Exploring the Cybersecurity Skills Employers are Seeking -
ZENTICA GLOBAL
How to Design and Effective Business Website -
CBNATION
28 Entrepreneurs Explain How They Came Up With Their Business Names
Open Source CMS Vulnerabilities
WordPress Vulnerabilities Reported by PatchStack
-
June 24, 2022Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
-
June 24, 2022Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
-
June 24, 2022Hand curated, verified and enriched vulnerability information by Patchstack security experts. Find all WordPress plugin, theme and core security issues.
CVE Details Vulnerability Reporting
WordPress
-
January 6, 2022WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to lack of proper sanitization in one of the classes, there's potential for unintended SQL queries to be executed. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 4.1.34. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. (CVSS:6.5) (Last Update:2022-04-12)
-
January 6, 2022WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. (CVSS:6.5) (Last Update:2022-04-12)
-
January 6, 2022WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Low-privileged authenticated users (like author) in WordPress core are able to execute JavaScript/perform stored XSS attack, which can affect high-privileged users. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. (CVSS:3.5) (Last Update:2022-04-12)
Drupal
-
June 10, 2022Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects all together if redirects are not expected or required. (CVSS:5.0) (Last Update:2022-06-17)
-
June 10, 2022Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. (CVSS:5.0) (Last Update:2022-06-17)
-
May 25, 2022Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. (CVSS:5.8) (Last Update:2022-06-07)
Joomla!
-
March 30, 2022An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. (CVSS:6.8) (Last Update:2022-04-05)
-
March 30, 2022An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application. (CVSS:5.0) (Last Update:2022-04-05)
-
March 30, 2022An issue was discovered in Joomla! 4.0.0 through 4.1.0. Possible XSS atack vector through SVG embedding in com_media. (CVSS:4.3) (Last Update:2022-04-05)