u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
Project Subscriptions
No data.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
| Link | Providers |
|---|---|
| https://github.com/u5cms/u5cms/releases/tag/v12.8.9 |
|
History
Thu, 02 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
ssvc
|
Thu, 02 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components | |
| Title | POST-based reflected XSS via the thanks parameter in form components | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: NCSC.ch
Published:
Updated: 2026-07-02T13:14:25.969Z
Reserved: 2026-07-02T07:19:55.068Z
Link: CVE-2026-14449
Updated: 2026-07-02T13:14:22.840Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses