CVE-2026-2557 | cskefu up to 8.0.1 File Upload MediaController.java upload cross site scripting

A vulnerability classified as problematic was found in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting.

This vulnerability is cataloged as CVE-2026-2557. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More