CVE-2026-3070
Cross-Site Scripting in SourceCodester Image Gallery Upload.php
Publication date: 2026-02-24
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| remyandrade | modern_image_gallery_app | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': 'CVE-2026-3070 is a Stored Cross-Site Scripting (XSS) vulnerability found in SourceCodester Modern Image Gallery App version 1.0, specifically in the file upload.php.'}, {'type': 'paragraph', 'content': 'The vulnerability arises because the application fails to properly sanitize or encode user-supplied input from the "filename" parameter and the file content during image uploads. This improper handling allows attackers to inject malicious JavaScript code that is stored and later executed in the context of other users\' browsers.'}, {'type': 'paragraph', 'content': 'Exploitation involves uploading a file with a manipulated filename containing embedded script tags, which when rendered by the application without adequate encoding or validation, executes the malicious script.'}, {'type': 'paragraph', 'content': 'No authentication is required to exploit this vulnerability, and the attack can be launched remotely, though it requires some user interaction.'}] [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability allows attackers to execute malicious scripts in the browsers of users who view the affected content, potentially compromising data integrity and user sessions.
- Session hijacking through cookie theft.
- Unauthorized user actions performed on behalf of victims.
- Phishing attacks by redirecting users to malicious sites.
- Website defacement or alteration of displayed content.
Because the exploit requires no authentication and can be performed remotely, it poses a significant threat to user data privacy and application integrity.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': "This vulnerability can be detected by identifying instances of the vulnerable application and testing the 'filename' parameter in the upload.php file for cross-site scripting (XSS) behavior."}, {'type': 'paragraph', 'content': 'One method to find potentially vulnerable targets is to use Google dorking with queries such as "inurl:upload.php" to locate exposed upload.php endpoints.'}, {'type': 'paragraph', 'content': 'To test for the vulnerability, you can attempt to upload a file with a manipulated filename containing a script payload, for example, a filename like "test<script>alert(1)</script>.jpg" and observe if the script executes when the filename is rendered.'}, {'type': 'paragraph', 'content': 'On the network or system, monitoring HTTP POST requests to upload.php with suspicious filename parameters containing script tags can help detect exploitation attempts.'}, {'type': 'paragraph', 'content': 'Example commands for detection might include using curl to simulate the upload with a malicious filename payload:'}, {'type': 'list_item', 'content': 'curl -X POST -F "[email protected];filename=test<script>alert(1)</script>.jpg" -F "title=example" -F "description=desc" -F "category=1" http://target/upload.php'}, {'type': 'paragraph', 'content': 'Additionally, searching web server logs for requests to upload.php containing suspicious script tags in the filename parameter can help identify attempts.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': "Immediate mitigation steps include implementing proper input validation and output encoding for the 'filename' parameter and any user-supplied data."}, {'type': 'list_item', 'content': 'Apply context-aware output encoding such as HTML entity encoding to neutralize any embedded scripts before rendering filenames in the web interface.'}, {'type': 'list_item', 'content': 'Implement strict input validation with allowlists to filter out dangerous characters like <, >, ", \', and & from filenames.'}, {'type': 'list_item', 'content': 'Deploy a strong Content Security Policy (CSP) to restrict the sources of executable scripts and reduce the impact of any injected malicious code.'}, {'type': 'list_item', 'content': 'Set HttpOnly and Secure flags on cookies, especially session cookies, to prevent access via JavaScript and mitigate session hijacking risks.'}, {'type': 'paragraph', 'content': 'If possible, consider replacing the affected software with an alternative product that does not have this vulnerability.'}] [2, 3, 1]