LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in LinkAce. The issue occurs in the "Import Bookmarks" functionality, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
History

Mon, 06 Oct 2025 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Linkace
Linkace linkace
CPEs cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*
Vendors & Products Linkace
Linkace linkace

Fri, 27 Dec 2024 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Dec 2024 16:00:00 +0000

Type Values Removed Values Added
Description LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in LinkAce. The issue occurs in the "Import Bookmarks" functionality, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
Title File Upload Vulnerability Leading to XSS in LinkAce v1.15.5
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-12-27T15:52:57.644Z

Updated: 2024-12-27T20:58:58.230Z

Reserved: 2024-12-26T19:28:24.134Z

Link: CVE-2024-56508

Vulnrichment

Updated: 2024-12-27T20:58:45.702Z

NVD

Status: Analyzed

Published: 2024-12-27T16:15:25.187

Modified: 2025-10-06T15:04:06.937

Link: CVE-2024-56508

Redhat

No data.