CVE-2024-56507

Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 1.15.6

Description A reflected cross-site scripting (XSS) issue exists in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions.

Recommendations For versions prior to 1.15.6, update to version 1.15.6 to resolve the issue. As a temporary workaround, consider restricting user input in the "URL" field of the "Edit Link" module to minimize the risk of exploitation.