XSS in Kovah Linkace
CVE-2026-45343
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.001 (26.5th percentile) — read the EPSS interpretation.
Affected products
- Kovah Linkace — versions < 2.5.6
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)