📦 Linkace

LinkAce versions before 1.15.6 contain a file upload vulnerability in the 'Import Bookmarks' feature that allows attackers to upload malicious HTML files containing JavaScript payloads. When users acc...

This CVE describes a stored cross-site scripting (XSS) vulnerability in LinkAce's Atom feed endpoint for lists. An authenticated user can inject malicious payloads into list descriptions that execute ...

This is a Stored Cross-Site Scripting (XSS) vulnerability in LinkAce's social media sharing functionality that allows authenticated users to inject malicious JavaScript into link titles. When other us...

This vulnerability in LinkAce allows any authenticated user to access all links, lists, and tags from all users in the system, regardless of ownership or visibility settings. It affects LinkAce versio...

This SSRF vulnerability in LinkAce allows authenticated attackers to make the application server send HTTP requests to internal network resources, enabling port scanning and service discovery. The imp...

This vulnerability in LinkAce allows any authenticated user to export the entire database of links, including private links belonging to other users. The export functions fail to apply proper access c...

LinkAce versions before 2.1.9 contain a stored cross-site scripting vulnerability that allows attackers to inject malicious JavaScript into link attributes. When users click on crafted links, the Java...

LinkAce versions before 1.15.6 contain a reflected cross-site scripting (XSS) vulnerability in the 'Edit Link' module's URL field. Attackers can inject malicious JavaScript that executes in victims' b...