CVE-2026-7501

Name of the Vulnerable Software and Affected Versions LinkStackOrg LinkStack versions prior to 4.8.7

Description A weakness in the editPage() function within the app/Http/Controllers/UserController.php file allows for remote cross-site scripting (XSS), which occurs when a user-supplied value is included in a web page without proper validation or escaping. This is triggered by manipulating the pageDescription argument.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the editPage() function to minimize the risk of exploitation.