PT-2025-36500 · Linkace · Linkace

Medok228 · Published 2025-09-08 · Updated 2025-09-08 · CVE-2025-53838

CVSS v4.0: 8.4

Vector: AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions:

LinkAce versions prior to 2.1.9

Description:

LinkAce is a self-hosted archive to collect website links. The application contains a stored cross-site scripting (XSS) vulnerability caused by insufficient filtering and escaping of user-supplied data inserted into link attributes. An attacker can inject arbitrary JavaScript that is saved in the database along with the link. The script is executed in the user's browser when the malicious link is clicked, leading to arbitrary script execution within the context of the site.

Recommendations:

Update LinkAce to version 2.1.9 or later.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-53838

Affected Products

Linkace