CVE-2024-56508

Published: Dec 27, 2024Modified: Oct 6, 2025

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Exploitability: 2.3 / Impact: 4.7

Source: security-advisories@github.com (Secondary)

Description

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.

Affected (1)

Products: Linkace: Linkace

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Linkace Linkace	Before 1.15.6

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (3)

https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6

Source: security-advisories@github.com

Patch

https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.