CVE-2026-54219
MediumCVSS 5.1Exploitation Probability (EPSS)
Low risk21th percentile — higher than 21% of all known CVEs
Summary
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing.
Risk Assessment
Attackers can exploit this vulnerability to steal user data or hijack sessions, potentially leading to serious security breaches within the organization.
Recommendation
It is recommended to update to the latest version of UBB.threads and implement additional input sanitization mechanisms.
Original NVD description (English source)
UBB.threads is vulnerable to Stored XSS via user posts and user profile fields. The application fails to properly sanitize user input, allowing low privileged attackers to inject arbitrary JavaScript that executes in a victim's browser upon viewing. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

