LinkAce Stored Cross-Site Scripting Vulnerability

A stored cross-site scripting vulnerability has been identified in LinkAce versions prior to 2.1.9. This vulnerability allows an attacker to inject arbitrary JavaScript, which is executed in the context of the user's browser when the malicious link is clicked. The issue arises from inadequate filtering and escaping of user-supplied data in link attributes, enabling the injection of harmful scripts that are saved in the database and executed upon link access.

Impact

Exploitation of this vulnerability allows for full execution of injected JavaScript in the user's browser, potentially leading to theft of session tokens, execution of cross-site request forgery attacks, phishing, manipulation of page content, and other malicious activities. This vulnerability poses a significant risk to all users who click on the affected link, especially those with elevated privileges or access to sensitive information.

Reproduction

To reproduce this vulnerability, update an existing link with a URL value that includes JavaScript code, such as 'javascript:alert(1)'. After the link is updated, navigate to the page containing the link and click on it. This will trigger the execution of the injected JavaScript in the user's browser.

Remediation

Users can upgrade to LinkAce version 2.1.9 or later to address this vulnerability.