CVE Catalog
CVE-2026-14449
Medium
CVSS 6.4
Summary
u5CMS through v12.8.8 is vulnerable to reflected XSS via the 'thanks' parameter in multiple form components.
Risk Assessment
An attacker can inject malicious JavaScript that executes in the victim's browser, leading to session theft, redirects, or data theft.
Recommendation
Immediately update u5CMS to the latest version and validate/sanitize the 'thanks' parameter in all forms.
Original NVD description (English source)
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

