CVE-2023-6646 Information

Description

A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early responded in a very professional manner and immediately released a fixed version of the affected product.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Reference

https://vuldb.com/?id.247338 https://vuldb.com/?ctiid.247338 https://treasure-blarney-085.notion.site/linkding-XSS-12709fa5ec664c8ebf6a4a02141252a8 https://github.com/sissbruecker/linkding/releases/tag/v1.23.1

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4