CVE-2025-59424

Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.3.1

Description LinkAce is a self-hosted archive to collect website links. A Stored Cross-Site Scripting (XSS) vulnerability exists on the /system/audit page. The application does not properly sanitize the username field before rendering it in the audit log. An authenticated attacker can set a malicious JavaScript payload as their username. This payload is stored in the database and executed in the browser of users who view the /system/audit page.

Recommendations Update to version 2.3.1 or later.