Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
SourceCodester Modern Image Gallery App File Upload Cross-Site Scripting
CVE-2026-3070
Summary
The SourceCodester Modern Image Gallery App has a bug in its file upload feature, allowing hackers to inject malicious code into the app. This could potentially allow them to take control of the app or steal user data. To protect your app, you should update to a fixed version or patch the vulnerability as soon as possible.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| remyandrade | modern_image_gallery_app | 1.0 | – |
Original title
A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument file...
Original description
A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
nvd CVSS2.0
5.0
nvd CVSS3.1
6.1
nvd CVSS4.0
5.3
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://github.com/tiancesec/CVE/issues/28 Exploit Issue Tracking Mitigation Third Party Advisory
- https://vuldb.com/?ctiid.347425 Permissions Required VDB Entry
- https://vuldb.com/?id.347425 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.757768 Third Party Advisory VDB Entry
- https://www.sourcecodester.com/ Product
Published: 24 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026