Nyctophile0969

**Name of the Vulnerable Software and Affected Versions** LinkAce versions prior to 2.3.1 **Description** LinkAce is a self-hosted archive to collect website links. A Stored Cross-Site Scripting (XSS) vulnerability exists on the `/system/audit` page. The application does not properly sanitize the `username` field before rendering it in the audit log. An authenticated attacker can set a malicious JavaScript payload as their `username`. This payload is stored in the database and executed in the browser of users who view the `/system/audit` page. **Recommendations** Update to version 2.3.1 or later.