CVE-2026-54221EPSS p20.7%

CVE-2026-54221CVE-2026-54221

Description

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link.  Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Scoring

EPSS0.29% probability of exploitation · percentile 20.7% · 2026-06-19T12:03:05Z
Last modified2026-06-18
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.