CVE-2026-2557

Name of the Vulnerable Software and Affected Versions cskefu versions up to 8.0.1

Description A flaw exists in cskefu that allows for cross site scripting. The issue is located in the Upload function within the com/cskefu/cc/controller/resource/MediaController.java file of the File Upload component. This manipulation can be initiated remotely. The exploit is publicly available. The vendor was informed of this issue but did not provide a response.

Recommendations Versions prior to 8.0.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.