PT-2024-36823 · Linkace · Linkace

Kwangyun · Published 2024-12-27 · Updated 2025-10-06 · CVE-2024-56508

CVSS v3.1: 7.6 High

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions

LinkAce versions prior to 1.15.6

Description

The issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios.

Recommendations

For versions prior to 1.15.6, update to version 1.15.6 to resolve the issue. As a temporary workaround, consider disabling the "Import Bookmarks" functionality until a patch is available. Restrict access to uploaded links to minimize the risk of exploitation. Avoid using the "Import Bookmarks" feature with untrusted files until the issue is resolved.
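A pre-import check for bookmark files from untrusted sources, as an added example that is not part of the advisory or of LinkAce's code. The advisory does not say where in the file the payload sits, so the sketch assumes a Netscape-format export and flags any link whose scheme is outside an assumed allow-list, plus event-handler attributes and active elements; `audit_bookmarks` and the sample file are constructed for illustration.

```python
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "ftp"}  # assumption: schemes a bookmark may use
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "svg"}


class BookmarkAuditor(HTMLParser):
    """Collects (line, reason) findings from a Netscape-format bookmark file."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"active element <{tag}>"))
        # Attribute names arrive lower-cased and values entity-decoded.
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            elif tag == "a" and name == "href":
                # Drop whitespace/control characters first so a scheme split
                # by a tab or newline is still recognised.
                cleaned = "".join(ch for ch in (value or "") if ord(ch) > 0x20)
                scheme, sep, _ = cleaned.partition(":")
                scheme = scheme.lower() if sep else ""
                if scheme not in ALLOWED_SCHEMES:
                    self.findings.append((line, f"disallowed URL scheme {scheme!r}"))


def audit_bookmarks(html_text):
    """Return a list of (line, reason); an empty list means nothing was flagged."""
    auditor = BookmarkAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


# Constructed sample input, not taken from the advisory.
SAMPLE = """<!DOCTYPE NETSCAPE-Bookmark-file-1>
<TITLE>Bookmarks</TITLE>
<DL><p>
<DT><A HREF="https://example.org/docs" ADD_DATE="1700000000">Docs</A>
<DT><A HREF="java&#x09;script:void(0)">Encoded scheme</A>
<DT><A HREF="https://example.org/" ONCLICK="void(0)">Handler</A>
</DL><p>
"""

if __name__ == "__main__":
    for line, reason in audit_bookmarks(SAMPLE):
        print(f"line {line}: {reason}")
```

A clean result only means the file passed these checks; updating to 1.15.6 remains the fix.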

Exploit

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2024-56508
GHSA-2WVV-4576-8862

Affected Products

Linkace