CVE-2026-2557
CVE-2026-2557 affects cskefu up to 8.0.1. The vulnerability is in the Upload function of MediaController.java (package com/cskefu/cc/controller/resource/MediaController.java) where the file upload path allows cross-site scripting. The issue is triggered remotely and exploit code is public (PoC). ...