Home / Vulnerability Intelligence / CVE-2026-3070

CVE-2026-3070 - Vulnerability Analysis

MediumCVSS: 4.3

Last Updated: February 24, 2026

SourceCodester Modern Image Gallery App - Stored XSS

Published: February 24, 2026Updated: February 24, 2026PoC AvailableRemote Exploitable

Overview

SourceCodester Modern Image Gallery App 1.0 contains a stored XSS caused by manipulation of the "filename" argument in upload.php, letting remote attackers execute scripts, exploit requires no special privileges.

Severity & Score

Severity: Medium

CVSS Score: 4.3

Impact

Remote attackers can execute arbitrary scripts, potentially leading to session hijacking or user impersonation.

Mitigation

Update to the latest version or apply patches that sanitize the filename input.

References

https://github.com/tiancesec/CVE/issues/28
https://vuldb.com/?ctiid.347425
https://vuldb.com/?id.347425
https://vuldb.com/?submit.757768
https://www.sourcecodester.com/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-3070
Severity: Medium
CVSS Score: 4.3
Type: stored_xss
Status: confirmed

CWE

CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N