CVE-2026-2214
Cross-Site Scripting in Plugin 1.0 AdminAddAlbum.php
Publication date: 2026-02-09
Last updated on: 2026-04-29
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| fabian | online_music_site | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2214 is a stored cross-site scripting (XSS) vulnerability in version 1.0 of the ONLINE MUSIC SITE project, specifically in the file AdminAddAlbum.php.

The vulnerability exists because the application does not properly escape, sanitize or parameterize user input submitted through the fields txtalbum, txtsinger and txtwriter.

An attacker can submit HTML or JavaScript (for example `<img src=x onerror=alert(1)>`), which is stored directly and permanently in the database without filtering.

When the application later retrieves and displays the stored data in a web page, the injected code is executed by the victim's browser, allowing the attacker to run arbitrary scripts in the context of the affected web application. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability allows attackers to execute arbitrary scripts in the context of the vulnerable web application, which can lead to several security risks:

- Execution of malicious JavaScript code in users' browsers.
- Session hijacking and theft of authentication cookies.
- Phishing attacks by injecting deceptive content.
- Compromise of data integrity and unauthorized actions performed on behalf of users.

The exploit can be initiated remotely and requires user interaction: the attacker must submit crafted input that is stored and later rendered to victims. [1, 2, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of the vulnerable endpoint /Administrator/PHP/AdminAddAlbum.php and testing whether the input fields txtalbum, txtsinger and txtwriter are accepted without proper sanitization.

One way to identify exposed instances is the Google dork inurl:Administrator/PHP/AdminAddAlbum.php.

To test for the vulnerability or confirm exploitation attempts, send a crafted POST request containing a payload such as `<img src=x onerror=alert(1)>` to the AdminAddAlbum.php endpoint and observe whether the payload is stored and later executed.

Example curl command that submits such a payload:

```shell
curl -X POST -F "txtalbum=<img src=x onerror=alert(1)>" -F "txtsinger=test" -F "txtwriter=test" http://targetsite/Administrator/PHP/AdminAddAlbum.php
```

Monitoring web server logs for POST requests to this endpoint whose fields contain script tags or other unusual characters can also help detect exploitation attempts. [1, 2, 3]
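The log-monitoring suggestion above can be turned into a small detector. The following Python script is an added example, not code from VulDB or from the ONLINE MUSIC SITE project; it assumes a request log in JSON-lines form where each record carries the parsed POST body (the sample lines are constructed). It flags POSTs to the advisory's endpoint whose txtalbum, txtsinger or txtwriter values look like markup, after undoing one layer of URL- and HTML-encoding so encoded payloads are caught as well.

```python
import json
import re
from html import unescape
from typing import Dict, List
from urllib.parse import unquote_plus

# Endpoint and form fields named in the advisory.
TARGET_PATH = "/Administrator/PHP/AdminAddAlbum.php"
WATCHED_FIELDS = ("txtalbum", "txtsinger", "txtwriter")

# Coarse markup heuristic: an opening/closing tag, an on*= event handler, or a javascript: URL.
SUSPICIOUS = re.compile(r"</?[a-z]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)

# Constructed sample log (assumed JSON-lines format: one object per request, with the parsed POST body).
SAMPLE_LOG = """\
{"ts":"2026-02-09T10:00:01Z","src":"10.0.0.5","method":"POST","path":"/Administrator/PHP/AdminAddAlbum.php","form":{"txtalbum":"Blue","txtsinger":"Joni Mitchell","txtwriter":"Joni Mitchell"}}
{"ts":"2026-02-09T10:00:07Z","src":"198.51.100.23","method":"POST","path":"/Administrator/PHP/AdminAddAlbum.php","form":{"txtalbum":"<img src=x onerror=alert(1)>","txtsinger":"test","txtwriter":"test"}}
{"ts":"2026-02-09T10:00:09Z","src":"198.51.100.23","method":"POST","path":"/Administrator/PHP/AdminAddAlbum.php","form":{"txtalbum":"%3Cscript%3Ealert(1)%3C%2Fscript%3E","txtsinger":"x","txtwriter":"x"}}
{"ts":"2026-02-09T10:00:12Z","src":"10.0.0.6","method":"GET","path":"/Administrator/PHP/AdminAddAlbum.php","form":{}}
{"ts":"2026-02-09T10:00:15Z","src":"10.0.0.7","method":"POST","path":"/index.php","form":{"q":"<b>bold</b>"}}
"""


def normalise(value: str) -> str:
    """Undo one layer of URL-encoding and HTML entities so encoded payloads look like plain ones."""
    return unescape(unquote_plus(value))


def is_suspicious(value: str) -> bool:
    """True if the (decoded) field value contains tag-like or event-handler-like syntax."""
    return SUSPICIOUS.search(normalise(value)) is not None


def scan_log(text: str) -> List[Dict]:
    """Return one alert per POST to the vulnerable endpoint whose watched fields look like markup."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        # Only POSTs to the advisory's endpoint are relevant; GETs and other paths are ignored.
        if rec.get("method") != "POST" or rec.get("path") != TARGET_PATH:
            continue
        hits = {name: value for name, value in rec.get("form", {}).items()
                if name in WATCHED_FIELDS and is_suspicious(value)}
        if hits:
            alerts.append({"ts": rec["ts"], "src": rec["src"], "fields": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the scanner reports the two requests from 198.51.100.23 (the plain and the URL-encoded payload) and stays silent on the legitimate album, the GET, and the unrelated endpoint. The regex is deliberately coarse, so treat hits as triage leads and tune it on your own traffic; ordinary names containing `&` or apostrophes do not trigger it.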
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation consists of proper input validation, escaping or parameterization so that malicious code cannot be injected through the txtalbum, txtsinger and txtwriter fields:

- Strictly limit input length to reduce the room for an injected payload.
- Filter or replace special characters such as `<`, `>`, `'`, `"`, `&` and `/` with safe alternatives.
- Enforce input validation that allows only specific characters or formats (e.g., letters, numbers, underscores).
- Reject submissions that do not conform to these rules.

Additionally, consider replacing the affected component with an alternative product if possible, as no countermeasures or mitigations have been documented. [1, 2, 3]
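The mitigation list above amounts to two controls: an allow-list with a length cap at input time, and output encoding at render time. The Python below is an added example, not the project's PHP nor a VulDB recommendation; the field names come from the advisory, while the allow-list, the length cap and the row renderer are constructed for the demo. `escape_html` does what PHP's `htmlspecialchars($v, ENT_QUOTES, 'UTF-8')` would do at the output stage, which is the control that matters even for records already stored by an unpatched version.

```python
import html
import re
from typing import Dict, Tuple

# Form fields named in the advisory.
WATCHED_FIELDS = ("txtalbum", "txtsinger", "txtwriter")

# Constructed length cap for the demo.
MAX_LEN = 100

# Constructed allow-list: letters, digits, spaces and a few punctuation marks that occur in real
# album and artist names. '<', '>', '"', '/' and ':' are deliberately absent.
FIELD_RE = re.compile(r"^[A-Za-z0-9 _.,'&!?()-]+$")


def validate_field(value: str) -> bool:
    """Accept only non-empty values within the length cap that match the allow-list."""
    return 0 < len(value) <= MAX_LEN and FIELD_RE.fullmatch(value) is not None


def handle_add_album(form: Dict[str, str]) -> Tuple[bool, Dict[str, str]]:
    """Validate a submission. Returns (True, clean_fields) or (False, per-field errors).

    The clean values are still raw text: they must be bound as parameters when inserted
    into the database and escaped again when rendered (see render_row_hardened).
    """
    errors: Dict[str, str] = {}
    clean: Dict[str, str] = {}
    for name in WATCHED_FIELDS:
        value = form.get(name, "").strip()
        if validate_field(value):
            clean[name] = value
        else:
            errors[name] = "rejected: empty, too long, or contains characters outside the allow-list"
    if errors:
        return False, errors
    return True, clean


def escape_html(value: str) -> str:
    """Encode & < > \" ' so stored text is rendered as data, never as markup."""
    return html.escape(value, quote=True)


def render_row_vulnerable(row: Dict[str, str]) -> str:
    """The pattern behind the advisory: stored values concatenated straight into HTML."""
    return "<tr>" + "".join(f"<td>{row[name]}</td>" for name in WATCHED_FIELDS) + "</tr>"


def render_row_hardened(row: Dict[str, str]) -> str:
    """Same table row with every stored value HTML-escaped at output time."""
    return "<tr>" + "".join(f"<td>{escape_html(row[name])}</td>" for name in WATCHED_FIELDS) + "</tr>"


if __name__ == "__main__":
    # Constructed submissions: one legitimate, one carrying the advisory's sample payload.
    for form in (
        {"txtalbum": "Blue", "txtsinger": "Joni Mitchell", "txtwriter": "Joni Mitchell"},
        {"txtalbum": "<img src=x onerror=alert(1)>", "txtsinger": "test", "txtwriter": "test"},
    ):
        accepted, result = handle_add_album(form)
        print("accepted" if accepted else "rejected", result)

    # A record stored by an unpatched install is still harmless once output is escaped.
    stored = {"txtalbum": "<img src=x onerror=alert(1)>", "txtsinger": "Simon & Garfunkel", "txtwriter": "Paul Simon"}
    print(render_row_vulnerable(stored))
    print(render_row_hardened(stored))
```

The allow-list intentionally admits `&` and the apostrophe, because rejecting "Simon & Garfunkel" would break legitimate data; output escaping turns them into `&amp;` and `&#x27;`, so they are safe to display. Input validation alone is not sufficient, since rows written before the fix remain in the database; escaping at render time neutralizes those too.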