Vulnerability Description
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linkace | Linkace | < 1.15.6 |
Related Weaknesses (CWE)
References
- https://github.com/Kovah/LinkAce/commit/c7cd6a323a03ccd89c7f905f7d9f2afc265b7b67Patch
- https://github.com/Kovah/LinkAce/security/advisories/GHSA-cjcg-wj4p-pgc5ExploitVendor Advisory
- https://github.com/Kovah/LinkAce/security/advisories/GHSA-cjcg-wj4p-pgc5ExploitVendor Advisory
FAQ
What is CVE-2024-56507?
CVE-2024-56507 is a vulnerability with a CVSS score of 4.6 (MEDIUM). LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL"...
How severe is CVE-2024-56507?
CVE-2024-56507 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-56507?
Check the references section above for vendor advisories and patch information. Affected products include: Linkace Linkace.