LinkAce Stored Cross-Site Scripting Vulnerability in Social Media Sharing Feature
Vulnerability
A stored cross-site scripting vulnerability has been identified in LinkAce versions through 2.3.1. It allows authenticated users to inject arbitrary JavaScript by entering malicious HTML into the link title field. The injected script is stored with the link and executes in the browser of users viewing the link details page, particularly in the shareable links section. This flaw can be exploited to steal session cookies, perform actions on behalf of users, or deliver malware.
Impact
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the link details.
Reproduction
To reproduce this vulnerability, log into LinkAce as an authenticated user and navigate to the link creation page. Enter a valid URL and inject a script payload, such as an image tag with an 'onerror' event, into the title field. After saving the link, go to the link details page. The injected JavaScript will execute immediately, demonstrating the cross-site scripting vulnerability.
Remediation
Update to LinkAce version 2.4.0, where this vulnerability has been fixed.
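For developers rendering user-supplied titles into share links in their own code, the following added example (not LinkAce's code and not its actual patch) contrasts an unescaped rendering with one that URL-encodes the title inside the query string and HTML-encodes every value where it enters the markup. The share targets, function names and sample input are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical share targets; the real LinkAce templates are not shown on the page.
const SHARE_TARGETS = [
    'mail'    => 'mailto:?subject=%s&body=%s',
    'example' => 'https://share.example/submit?title=%s&url=%s',
];

// HTML-encode for element content and quoted attribute values.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Unsafe pattern: the stored title is concatenated into markup as-is.
function shareLinkUnsafe(string $service, string $title, string $url): string
{
    $href = sprintf(SHARE_TARGETS[$service], $title, $url);
    return '<a href="' . $href . '" title="Share ' . $title . '">' . $service . '</a>';
}

// Hardened pattern: URL-encode inside the query string, then HTML-encode
// every value at the point it enters the markup.
function shareLinkSafe(string $service, string $title, string $url): string
{
    $href = sprintf(SHARE_TARGETS[$service], rawurlencode($title), rawurlencode($url));
    return '<a href="' . h($href) . '" title="' . h('Share ' . $title) . '">'
        . h($service) . '</a>';
}

// Constructed sample input: a title carrying markup, as in the reproduction steps.
$title = 'Docs "draft" <img src=x onerror=alert(1)>';
$url   = 'https://example.com/page?a=1&b=2';

foreach (array_keys(SHARE_TARGETS) as $service) {
    $unsafe = shareLinkUnsafe($service, $title, $url);
    $safe   = shareLinkSafe($service, $title, $url);
    // The only opening tag in the safe output should be the anchor itself.
    $tags = preg_match_all('/<[a-z]/i', $safe);
    printf("%s\n  unsafe: %s\n  safe:   %s\n  opening tags in safe output: %d\n",
        $service, $unsafe, $safe, $tags);
}
```

The same title needs both encodings because it lands in two contexts at once: a URL query component and a quoted HTML attribute.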
