XSS in U5cms

CVE-2026-14449

u5CMS through v12.8.8 is vulnerable to reflected XSS via the ‘thanks’ parameter in multiple form components

Vulnerability class: XSS (Cross-Site Scripting)

Affected products

Weakness classification (CWE)

References