Impact
UBB.threads contains a stored XSS flaw that allows a low‑privileged attacker to inject arbitrary JavaScript into posts and user profile fields. When a victim views the compromised content, the script runs in their browser, enabling cookie theft, session hijacking, or other malicious actions that compromise the confidentiality and integrity of user accounts.
Affected Systems
UBB Systems UBB.threads version 7.7.5 is confirmed vulnerable; other releases may also be affected, but no additional data is available.
Risk and Exploitability
The CVSS score of 5.1 indicates a moderate threat level, and the EPSS score is not available. The vulnerability is not listed in CISA's KEV catalog. Attackers can exploit the flaw from any user account that can create or edit posts or profile information. No special privileges or network access are required beyond normal user functionality. Given the absence of a vendor patch, the risk persists until a fix is deployed.
OpenCVE Enrichment