CVE-2026-3070 MEDIUM

CVE-2026-3070: SourceCodester Modern Image Gallery App upload.php cross site scripting

Vendor Sourcecodester

Product Modern Image Gallery App

Weakness CWE-79 · XSS

Published February 24, 2026

Last update February 24, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.

Key dates

Disclosure timeline

February 24, 2026 CVE published

February 24, 2026 Record updated