CVE Catalog

CVE-2026-54219

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing.

Risk Assessment

Attackers can exploit this vulnerability to steal user data or hijack sessions, potentially leading to serious security breaches within the organization.

Recommendation

It is recommended to update to the latest version of UBB.threads and implement additional input sanitization mechanisms.

Original NVD description (English source)

UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS