Description

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.

INFO

Published Date :

2024-12-27T15:52:57.644Z

Last Modified :

2024-12-27T20:58:58.230Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56508 vulnerability.

Vendors Products
Linkace
  • Linkace
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56508.

URL Resource
https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6 cve-icon cve-icon
https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact