漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
File Upload Vulnerability Leading to XSS in LinkAce v1.15.5
Vulnerability Description
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N
Vulnerability Type
危险类型文件的不加限制上传
Vulnerability Title
LinkAce 安全漏洞
Vulnerability Description
LinkAce是Kevin Woblick个人开发者的一个自托管档案库,用于收集您最喜爱的网站的链接。 LinkAce 1.15.6之前版本存在安全漏洞。攻击者利用该漏洞可以上传包含 JavaScript 有效载荷的恶意 HTML 文件。
CVSS Information
N/A
Vulnerability Type
N/A