Stored XSS Vulnerability in UBB.threads by UBB Central
CVE-2026-54219

5.1MEDIUM

Key Information:

Vendor: Ubb Systems
Status: Ubb.threads
Vendor: CVE Published:; 18 June 2026

🔔 Create Ubb Systems Vulnerability Alert

What is CVE-2026-54219?

The UBB.threads application by UBB Central is susceptible to a Stored XSS vulnerability that arises from inadequate sanitization of user inputs. This flaw allows low-privileged attackers to embed arbitrary JavaScript code into user posts and profile fields. When other users view these posts or user profiles, the malicious script executes in their browsers, potentially leading to unauthorized actions or data theft. Although the vulnerability has been confirmed in version 7.7.5, it may impact other versions of the product as well.

Affected Version(s)

UBB.threads 0 <= 7.7.5

References

https://www.ubbcentral.com/

product

https://cert.pl/en/posts/2026/06/CVE-2026-54219

third-party-advisory

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2026
Vulnerability Reserved
Jun 12, 2026

Credit

Kamil Szczurowski (Securitum)

Michał Wnękowicz (Securitum)

CVE-2026-54219 Data

JSON