Description

LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker can set a malicious JavaScript payload as their username. When an action performed by this user is recorded (e.g., generate or revoke an API token), the payload is stored in the database. The script is then executed in the browser of any user, particularly administrators, who views the /system/audit page. This vulnerability is fixed in 2.3.1.

INFO

Published Date :

2025-09-18T19:53:38.718Z

Last Modified :

2025-09-18T20:05:47.823Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59424 vulnerability.

Vendors Products
Linkace
  • Linkace
Linkace Project
  • Linkace
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59424.

URL Resource
https://github.com/Kovah/LinkAce/commit/c0d21b974b32f1ca2fab550fb476c573a068e196 cve-icon cve-icon
https://github.com/Kovah/LinkAce/security/advisories/GHSA-289g-9gff-p4wh cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact