🔐 CVE Alert

CVE-2026-14449

UNKNOWN 0.0

POST-based reflected XSS via the thanks parameter in form components

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Vendor u5cms
Product u5cms
Published Jul 2, 2026
Last Updated Jul 2, 2026
Stay Ahead of the Next One

Get instant alerts for u5cms u5cms

Be the first to know when new unknown vulnerabilities affecting u5cms u5cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

u5CMS / u5CMS
0 ≤ 12.8.8

References

NVD ↗ CVE.org ↗ EPSS Data ↗
github.com: https://github.com/u5cms/u5cms/releases/tag/v12.8.9

Credits

Pierre-Yves Guerder