CVE-2024-56508

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.
Configurations

Configuration 1

cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*

History

06 Oct 2025, 15:04

Type Values Removed Values Added
Summary
  • (es) LinkAce is a self-hosted archive for collecting links to your favorite websites. Before version 1.15.6, a file upload vulnerability existed in LinkAce. This issue occurs in the "Import Bookmarks" feature, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads execute when the uploaded links are accessed, leading to possible reflected or persistent XSS scenarios. This vulnerability was fixed in version 1.15.6.
First Time Linkace
Linkace linkace
CPE cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*
References () https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6 - () https://github.com/Kovah/LinkAce/commit/8cf3670d71a8629d33408da76f9d441a1aa933f6 - Patch
References () https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862 - () https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862 - Exploit, Vendor Advisory

27 Dec 2024, 21:15

Type Values Removed Values Added
References () https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862 - () https://github.com/Kovah/LinkAce/security/advisories/GHSA-2wvv-4576-8862 -

27 Dec 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-27 16:15

Updated : 2025-10-06 15:04


NVD link : CVE-2024-56508

Mitre link : CVE-2024-56508

CVE.ORG link : CVE-2024-56508

Products Affected

linkace

  • linkace
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type