logo_clicknbuy.png

CVE-2025-53838 – LinkAce has a Stored One Click XSS vulnerability

The following table lists the changes that have been made to the
CVE-2025-53838 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution
of a vulnerability, and for identifying the most recent changes that may
impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received
    by [email protected]

    Sep. 08, 2025

    Action Type Old Value New Value
    Added Description LinkAce is a self-hosted archive to collect website links. A stored cross-site scripting (XSS) vulnerability was discovered in versions prior to 2.1.9 that allows an attacker to inject arbitrary JavaScript, which is then executed in the context of a user’s browser when the malicious link is clicked. This is a one-click XSS, meaning the victim only needs to click a crafted link — no further interaction is required. The application contains a stored XSS vulnerability due to insufficient filtering and escaping of user-supplied data inserted into link attributes. Malicious JavaScript code can be saved in the database along with the link and executed in the user’s browser when clicking the link, leading to arbitrary script execution within the context of the site. Version 2.1.9 fixes the issue.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-79
    Added Reference https://github.com/Kovah/LinkAce/commit/4da467a4b0fbb1650670e603f4449b8a47695631
    Added Reference https://github.com/Kovah/LinkAce/security/advisories/GHSA-vwmx-v9qf-q656
  • CVE Modified
    by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Sep. 08, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/Kovah/LinkAce/security/advisories/GHSA-vwmx-v9qf-q656
Share the Post:

Related Posts