CVE-2024-56507

27 Dic 2024

Título es

CVE-2024-56507

Vie, 27/12/2024 – 16:15

Tipo

CWE-79

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-56507

Descripción en

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim’s browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6.

27/12/2024

Vector CVSS:3.1

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Gravedad 3.1 (CVSS 3.1 Base Score)

4.60

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

MEDIUM

Referencias

https://github.com/Kovah/LinkAce/commit/c7cd6a323a03ccd89c7f905f7d9f2afc265b7b67

https://github.com/Kovah/LinkAce/security/advisories/GHSA-cjcg-wj4p-pgc5

Enviar en el boletín

Off

CVE-2024-56507

CVE-2024-56507

Jose Alexis Correa Valencia