CVE-2024-56508
HIGH
7,6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: changed
Confidentiality: low
Integrity: high
Availability: none
Description
AI Translation Available
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the 'Import Bookmarks' functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0008
Percentile
0,2th
Updated
EPSS Score Trend (Last 90 Days)
434
Unrestricted Upload of File with Dangerous Type
DraftCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
ASP.NET, Not Language-Specific, PHP
Technologies:
Web Server
Application
Linkace by Linkace
Version Range Affected
To
1.15.6
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862
https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6
https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862