Impact
The vulnerability is a reflected cross‑site scripting flaw that allows attackers to embed arbitrary JavaScript in pages that are rendered in victims’ browsers when they follow a malicious link. The flaw exists because user input is incorporated into responses without proper validation or encoding, enabling malicious code to be executed with the victim’s session context.
Affected Systems
The flaw has been confirmed in the UBB.threads application version 7.7.5, produced by UBB Systems, and may also affect other, unverified releases of the same software.
Risk and Exploitability
The CVSS score of 5.1 indicates a moderate severity. Because the vulnerability is a reflected XSS that requires the victim to click a malicious link, the attack vector is cross‑site. The EPSS score is unavailable and the vulnerability is not listed in the CISA KEV catalog. Without an official patch, the risk arises only if an attacker can lure a user to the crafted URL; exploitation would result in arbitrary JavaScript running in the victim’s browser under the same origin as the site.
OpenCVE Enrichment