CVE-2024-56508

CVSS v3 Score
7.6
High

Vulnerability Description

LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in LinkAce. The issue occurs in the "Import Bookmarks" functionality, where malicious HTML files containing JavaScript payloads can be uploaded. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6.

CVSS:7.6(High)

BookStack is vulnerable to Unrestricted Upload of File with Dangerous Type.

CVSS:7.6(High)

Unrestricted Upload of File with Dangerous Type in GitHub repository openemr/openemr prior to 7.0.0.2.

CVSS:7.6(High)

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta.

CVSS:7.6(High)

WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins -> Add New -> Up...

CVSS:7.5(High)

The wp-file-upload plugin before 2.5.0 for WordPress has insufficient restrictions on upload of .php files.

CVSS:7.5(High)

The wp-file-upload plugin before 2.7.1 for WordPress has insufficient restrictions on upload of .js files.