CVE Catalog

CVE-2026-14449

MediumCVSS 6.4
Published: Updated: Translated: NVD NIST

Summary

u5CMS through v12.8.8 is vulnerable to reflected XSS via the 'thanks' parameter in multiple form components.

Risk Assessment

An attacker can inject malicious JavaScript that executes in the victim's browser, leading to session theft, redirects, or data theft.

Recommendation

Immediately update u5CMS to the latest version and validate/sanitize the 'thanks' parameter in all forms.

Original NVD description (English source)

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Vulnerability data from NVD (NIST) · CISA KEV · EPSS