Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Reflected Cross-Site Scripting (XSS) Vulnerability in LinkAce
Vulnerability Description
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
LinkAce 安全漏洞
Vulnerability Description
LinkAce是Kevin Woblick个人开发者的一个自托管档案库,用于收集您最喜爱的网站的链接。 LinkAce 1.15.6之前版本存在安全漏洞,该漏洞源于用户输入在反映到 HTML 响应中之前未经过适当的清理或编码。攻击者利用该漏洞可以在受害者的浏览器中注入和执行任意 JavaScript。
CVSS Information
N/A
Vulnerability Type
N/A