CVE-2023-6646

A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 addresses this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.

Configurations

Configuration 1

cpe:2.3:a:sissbruecker:linkding:1.23.0:*:*:*:*:*:*:*

History

13 Dec 2023, 16:53

Type | Values Removed | Values Added
CVSS | v2 : unknown; v3 : unknown | v2 : unknown; v3 : 5.4
CPE | | cpe:2.3:a:sissbruecker:linkding:1.23.0:*:*:*:*:*:*:*
References | https://vuldb.com/?ctiid.247338 | https://vuldb.com/?ctiid.247338 - Permissions Required, Third Party Advisory
References | https://github.com/sissbruecker/linkding/releases/tag/v1.23.1 | https://github.com/sissbruecker/linkding/releases/tag/v1.23.1 - Release Notes
References | https://treasure-blarney-085.notion.site/linkding-XSS-12709fa5ec664c8ebf6a4a02141252a8 | https://treasure-blarney-085.notion.site/linkding-XSS-12709fa5ec664c8ebf6a4a02141252a8 - Exploit, Third Party Advisory
References | https://vuldb.com/?id.247338 | https://vuldb.com/?id.247338 - Third Party Advisory

09 Dec 2023, 22:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-12-09 22:15

Updated : 2024-05-17 02:33


NVD link : CVE-2023-6646

Mitre link : CVE-2023-6646

CVE.ORG link : CVE-2023-6646



Products Affected

sissbruecker

  • linkding

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')