CVE-2026-2557

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-2557

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2557.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-2557

Published

2026-02-16T14:16:18.440Z

Modified

2026-02-23T02:04:39.749546Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected packages

Git / github.com/cskefu/cskefu

Affected ranges

Type: GIT
Repo: https://github.com/cskefu/cskefu
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

568a0e6b607ffbe325296587390446ef3acc9482

Affected versions

3.*

3.10.0

5.*

5.0.0

5.1.0

5.1.1

6.*

6.0.0

7.*

7.0.0

7.0.1

8.*

8.0.0.RC1

8.0.0.RC2

8.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-2557.json"