PT-2026-55054 · U5Cms · U5Cms

Pierre-Yves Guerder

·

Published

2026-07-02

·

Updated

2026-07-02

·

CVE-2026-14449

CVSS v4.0

6.4

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions u5CMS versions prior to 12.8.9
Description The software is susceptible to reflected Cross-Site Scripting (XSS), a type of attack where malicious scripts are injected into a web page and reflected back to the user. This occurs via the thanks parameter within multiple form components when using POST requests.
Recommendations Update u5CMS to version 12.8.9 or later. As a temporary mitigation, restrict or sanitize the input of the thanks parameter in form components.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14449

Affected Products

U5Cms