PT-2025-45057 · Linkace · Linkace

Published: 2025-11-04 · Updated: 2025-11-05 · CVE-2025-62722

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

LinkAce versions 2.3.1 and below

Description

LinkAce is a self-hosted archive to collect website links. The social media sharing functionality contains a Stored Cross-Site Scripting (XSS) issue that allows an authenticated user to inject arbitrary JavaScript by creating a link with malicious HTML in the title field. When a user views the link details page and the shareable links are rendered, the malicious JavaScript executes in their browser. This can be exploited to steal session cookies, perform actions on behalf of users, or deliver malware. The vulnerability is present in the rendering of shareable links.

Recommendations

LinkAce versions prior to 2.4.0 should be updated to version 2.4.0 or later.
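
The failure mode in the description, a stored title rendered into share links without output encoding, shown beside a context-encoded version. This is an added example, not LinkAce's code or its 2.4.0 patch; the function names, the `share.example` endpoint and the sample link are constructed for illustration.

```javascript
// Added example: not LinkAce source. All names and URLs are hypothetical.

// Encode text for HTML element content or a quoted attribute value.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the stored title is concatenated into the markup as-is, so any
// quote or angle bracket in it changes the structure of the page.
function renderShareLinkUnsafe(link) {
  const href = 'https://share.example/submit?url=' + link.url + '&title=' + link.title;
  return '<a href="' + href + '" title="Share ' + link.title + '">Share</a>';
}

// After: encode once per context, innermost first.
// 1) URL component encoding for values placed in the query string.
// 2) HTML attribute encoding for everything placed inside the tag.
function renderShareLinkSafe(link) {
  const href = 'https://share.example/submit?url=' + encodeURIComponent(link.url) +
    '&title=' + encodeURIComponent(link.title);
  return '<a href="' + escapeHtml(href) + '" title="' +
    escapeHtml('Share ' + link.title) + '">Share</a>';
}

// Regression helper: count tag openers in rendered output. A share link
// must contain exactly two (<a ...> and </a>) whatever the title holds.
function countTagOpeners(html) {
  return (html.match(/<[a-z/]/gi) || []).length;
}

// Constructed sample: a title with markup characters but no script.
const sampleLink = {
  url: 'https://example.org/a?b=1&c=2',
  title: 'Notes <b>"draft"</b> & more',
};

console.log(countTagOpeners(renderShareLinkUnsafe(sampleLink))); // title adds tags
console.log(countTagOpeners(renderShareLinkSafe(sampleLink)));   // only the anchor
console.log(renderShareLinkSafe(sampleLink));
```

A check like `countTagOpeners` fits in a template test suite so that a title field reaching markup unencoded fails the build.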

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-02095
CVE-2025-62722
GHSA-4MXH-7C7F-Q79J

Affected Products

Linkace