Home > Vulnerability Database > CVE-2024-56507

Mend.io Vulnerability Database

CVE-2024-56507

Date: December 27, 2024

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6.

Severity Score

4.6

Related Resources (4)

Url: https://github.com/Kovah/LinkAce/security/advisories/GHSA-cjcg-wj4p-pgc5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-56507

Url: https://github.com/Kovah/LinkAce/commit/c7cd6a323a03ccd89c7f905f7d9f2afc265b7b67

Url: https://www.mend.io/vulnerability-database/CVE-2024-56507

Severity Score

4.6

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-56507

Date: December 27, 2024

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?