CVE-2026-2557
Status: Received - Intake
Cross-Site Scripting in cskefu File Upload Component

Publication date: 2026-02-16

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in cskefu up to 8.0.1. Impacted is the function Upload of the file com/cskefu/cc/controller/resource/MediaController.java of the component File Upload. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-02-16
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-02-16
EPSS Evaluated: 2026-05-25
References: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: cskefu; Product: cskefu; Version / Range: up to 8.0.1 (inclusive)
CWE ID and Description
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CWE-94: The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-2557 is a cross-site scripting (XSS) vulnerability found in the cskefu software up to version 8.0.1. It exists in the upload function of the file com/cskefu/cc/controller/resource/MediaController.java, part of the File Upload component.

The vulnerability occurs because user-controllable input is not properly neutralized before being included in web page output, allowing attackers to inject malicious scripts.

An attacker can exploit this by uploading a malicious HTML file with a text/html MIME type, which when accessed later, executes embedded JavaScript, resulting in a Stored Cross-Site Scripting attack.

The attack can be launched remotely and requires some user interaction. A proof-of-concept exploit is publicly available.


How can this vulnerability impact me?

This vulnerability can impact you by allowing remote attackers to execute malicious scripts in the context of your web application.

Such cross-site scripting attacks can lead to unauthorized actions performed on behalf of users, theft of sensitive information, session hijacking, or defacement of web content.

Because the vulnerability affects data integrity and is remotely exploitable without local access, it poses a risk to the security and trustworthiness of your system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the file upload functionality of the cskefu application, specifically targeting the Upload function in the MediaController.java file. Detection involves attempting to upload a malicious HTML file with embedded JavaScript code and then accessing it via the /res/image endpoint to see if the script executes, indicating a stored cross-site scripting (XSS) vulnerability.

Since the vulnerability arises from improper validation of the Content-Type header during file uploads, you can use commands or tools to upload crafted files with a text/html MIME type and observe the behavior.

  • Use curl to upload a malicious HTML file with Content-Type set to text/html to the upload endpoint.
  • Example curl command: curl -X POST -H "Content-Type: text/html" --data-binary @malicious.html http://target-server/upload
  • After upload, access the uploaded file via the /res/image endpoint in a browser or with curl to check if the embedded JavaScript executes.
  • Monitor network traffic for suspicious requests or responses containing injected scripts related to the upload functionality.

[1, 2]


What immediate steps should I take to mitigate this vulnerability?

There are no known official countermeasures or mitigations provided by the vendor for this vulnerability.

Immediate steps to mitigate the vulnerability include:

  • Avoid using the affected version of cskefu (up to 8.0.1) and consider replacing the affected component with an alternative product.
  • Implement strict validation and sanitization of uploaded files, especially validating the Content-Type header and disallowing uploads of files with text/html MIME type.
  • Restrict access to the upload functionality to trusted users only, if possible.
  • Monitor for exploitation attempts and apply web application firewall (WAF) rules to detect and block malicious payloads targeting the upload endpoint.
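The second and fourth bullets above describe the control that closes a stored-XSS-via-upload issue of this class: do not trust the client-supplied Content-Type, accept only an allowlist of types, confirm the bytes actually match the declared type, and serve stored uploads with headers that stop a browser from rendering them as a page. The following is an added example written for this page; it is not cskefu's code and does not reflect how MediaController.java is implemented. The class name UploadGate, the allowlist, the magic-byte table, and the serving headers are assumptions chosen for illustration (it needs Java 16+ for records).

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Hypothetical upload gate for an image endpoint (illustrative, not cskefu's code). */
public final class UploadGate {

    // Allowlist of image types this endpoint is meant to accept (assumption).
    // text/html is deliberately absent: anything not listed is rejected.
    private static final Set<String> ALLOWED_TYPES =
        Set.of("image/png", "image/jpeg", "image/gif");

    // Leading bytes each allowed type must start with, so a declared
    // Content-Type cannot be used to smuggle HTML past the allowlist.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "image/png",  new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "image/jpeg", new byte[] {(byte) 0xFF, (byte) 0xD8, (byte) 0xFF},
        "image/gif",  "GIF8".getBytes(StandardCharsets.US_ASCII));

    /** Outcome of the check: accepted with a canonical type, or rejected with a reason. */
    public record Decision(boolean accepted, String reason, String storedType) {}

    public static Decision check(String declaredType, byte[] content) {
        if (declaredType == null) {
            return new Decision(false, "missing Content-Type", null);
        }
        // Normalise "IMAGE/PNG; charset=utf-8" to "image/png" before comparing.
        String type = declaredType.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        if (!ALLOWED_TYPES.contains(type)) {
            return new Decision(false, "type not in allowlist: " + type, null);
        }
        byte[] magic = MAGIC.get(type);
        if (content == null || content.length < magic.length
                || !Arrays.equals(Arrays.copyOf(content, magic.length), magic)) {
            return new Decision(false, "content does not match declared type", null);
        }
        // Store the canonical type decided here, never the raw client header.
        return new Decision(true, "ok", type);
    }

    /**
     * Headers to send when a stored upload is served back. storedName is assumed to be a
     * server-generated name (not the client's filename), so it needs no escaping here.
     */
    public static Map<String, String> responseHeaders(String storedType, String storedName) {
        return Map.of(
            "Content-Type", storedType,                       // the type we validated, not the client's
            "X-Content-Type-Options", "nosniff",              // no browser MIME sniffing
            "Content-Disposition", "attachment; filename=\"" + storedName + "\"",
            "Content-Security-Policy", "default-src 'none'; sandbox"); // inert even if rendered
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an HTML document and a minimal PNG header.
        byte[] html = "<html><body>constructed sample</body></html>"
            .getBytes(StandardCharsets.UTF_8);
        byte[] png = {(byte) 0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};

        System.out.println(check("text/html", html));               // rejected: not in allowlist
        System.out.println(check("image/png", html));               // rejected: bytes are not PNG
        System.out.println(check("IMAGE/PNG; charset=utf-8", png)); // accepted as image/png
        System.out.println(responseHeaders("image/png", "a1b2c3.png"));
    }
}
```

The two halves are independent layers: check() keeps HTML out of storage, and responseHeaders() ensures that even a file which somehow got stored is downloaded rather than rendered in the application's origin. Serving uploads from a separate origin adds a third layer that this example does not cover.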
