CVE Catalog

CVE-2026-54221

MediumCVSS 5.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.29%

21th percentile — higher than 21% of all known CVEs

Summary

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, allowing attackers to execute arbitrary JavaScript in the context of a victim's browser.

Risk Assessment

Attackers can exploit this vulnerability to hijack user sessions or steal data, posing a significant security threat to the organization.

Recommendation

It is recommended to update to the latest version of UBB.threads and implement appropriate input filtering and validation to minimize the risk of XSS attacks.

Original NVD description (English source)

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link.  Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS