CVE-2026-14449
MEDIUMCVSS 6.4/10
Last modified
CVE-2026-14449 is a medium-severity vulnerability rated 6.4/10 on the CVSS scale. u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components.
Description
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
Metrics
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| u5CMS | u5CMS | <= 12.8.8 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14449?
u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components
How severe is CVE-2026-14449?
CVE-2026-14449 has a CVSS score of 6.4/10 (MEDIUM severity).
How do I fix CVE-2026-14449?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Related CVEs from 2026
- CVE-2026-14430Integer overflow in V8 in Google Chrome prior to 150.0.7871.…8.8
- CVE-2026-14431Type Confusion in V8 in Google Chrome prior to 150.0.7871.46…8.8
- CVE-2026-14432Use after free in V8 in Google Chrome prior to 150.0.7871.46…8.8
- CVE-2026-14439A path traversal vulnerability exists in the Git Service com…9.4
- CVE-2026-1444A vulnerability has been found in iJason-Liu Books_Manager u…2.4
- CVE-2026-14440Description: To issue and renew TLS certificates on beha…7.6
- CVE-2026-1445A vulnerability was found in iJason-Liu Books_Manager up to …4.7
- CVE-2026-14454Imager versions before 1.033 for Perl treat unsigned EXIF IF…9.8
- CVE-2026-14459Improper neutralization of argument delimiters in a command …8.8
- CVE-2026-1446There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS P…5
- CVE-2026-14460Missing Authorization vulnerability in TUBITAK BILGEM Softwa…8.8
- CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipin…5.1
Are you affected by CVE-2026-14449?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
