CVE-2026-14449

MEDIUM
6.4
CVSS 4.0
Description
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components.

Metadata

CVE ID: CVE-2026-14449
State: PUBLISHED
Assigner: NCSC.ch
Reserved: 2026-07-02 07:19 UTC
Published: 2026-07-02 11:47 UTC
Last updated: 2026-07-02 13:14 UTC
Primary CWE: CWE-79 (CWE-79 Improper Neutralization of Input During Web Page Gene…)
Vendor / Product: u5CMS / u5CMS
Sources: cve.org  ·  NVD

Severity & Metrics

6.4 MEDIUM CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Exploitation: none
Automatable: no
Tech. Impact: partial
Affected products (1)
Vendor | Product | Platform | Versions
u5CMS | u5CMS | | 0 ≤ 12.8.8
Weakness (CWE)
CWE | Source | Description
CWE-79 | adp | CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS scores (1)
Score | Severity | Version | Source | Vector
6.4 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H