CVE-2026-14449
POST-based reflected XSS via the thanks parameter in form components
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
| Vendor | u5cms |
| Product | u5cms |
| Published | Jul 2, 2026 |
| Last Updated | Jul 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for u5cms u5cms
Be the first to know when new unknown vulnerabilities affecting u5cms u5cms are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
Affected Versions
u5CMS / u5CMS
0 ≤ 12.8.8
References
Credits
Pierre-Yves Guerder