VulnerAlert



APPLICATION
BROWSER
DATABASE
WEBSITE
08-09-2025 19:01

CVE-2025-53838 Documented vulnerability

No score
Tags
#xss
#site
#cross
#data
#web
#lte
#javascript
#java
#cross-site
#website
#database
#browser
#application
#vulnerability
#/data(.*)java/iU
#data java
#cross-site scripting
#arbitrary
#scripting
#malicious
#issue
#inject
#fix
#execution
#execute
#discover
#allow
#attack
Description
LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of the user's browser when the malicious link is clicked. This is a one-click XSS, meaning the victim only needs to click the crafted link, with no further interaction required. The application contains the XSS due to insufficient filtering and escaping of user-supplied data inserted into attributes. Malicious JavaScript code can be saved in the database, and a user clicking the link leads to script execution within the site. Version 2.1.9 fixes the issue.
https://github.com/Kovah/LinkAce/commit/4da467a4b0fbb1650670e603f4449b8a47695631
https://github.com/Kovah/LinkAce/security/advisories/GHSA-vwmx-v9qf-q656
Reference

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-53838
This project was co-financed by the Consejo Nacional de Ciencia y Tecnología (CONACYT) through PROINNOVA 2021/2023