LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Oct 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Linkace
Linkace linkace |
|
CPEs | cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:* | |
Vendors & Products |
Linkace
Linkace linkace |
Fri, 27 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 27 Dec 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6. | |
Title | File Upload Vulnerability Leading to XSS in LinkAce v1.15.5 | |
Weaknesses | CWE-434 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-27T15:52:57.644Z
Updated: 2024-12-27T20:58:58.230Z
Reserved: 2024-12-26T19:28:24.134Z
Link: CVE-2024-56508

Updated: 2024-12-27T20:58:45.702Z

Status : Analyzed
Published: 2024-12-27T16:15:25.187
Modified: 2025-10-06T15:04:06.937
Link: CVE-2024-56508

No data.