Reflected Cross-Site Scripting Vulnerability in LinkAce
CVE-2024-56507

4.6MEDIUM

Key Information:

Vendor: Kovah
Status: Linkace
Vendor: CVE Published:; 27 December 2024

What is CVE-2024-56507?

LinkAce, a self-hosted platform designed for archiving links, is susceptible to a reflected cross-site scripting (XSS) vulnerability that affects versions prior to 1.15.6. The flaw lies within the 'URL' field of the 'Edit Link' module, where user input is not adequately sanitized before being reflected in the HTML output. This oversight can enable attackers to inject and execute arbitrary JavaScript code in the victim's browser session. Such exploitation poses serious risks, including session hijacking, potential data theft, and unauthorized actions performed on behalf of the user. It is crucial for users running versions before 1.15.6 to update promptly to protect against this vulnerability.

Affected Version(s)

LinkAce < 1.15.6

References

https://github.com/Kovah/LinkAce/security/advisories/GHSA...

x_refsource_CONFIRM

https://github.com/Kovah/LinkAce/commit/c7cd6a323a03ccd89...

x_refsource_MISC

CVSS V3.1

Score:

4.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2024
Vulnerability Reserved
Dec 26, 2024

CVE-2024-56507 Data

JSON