Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-59424 PoC — LinkAce Vulnerable to Stored XSS on the Audit Page

Source
https://github.com/JOOJIII/CVE-2025-59424
Associated Vulnerability
Title:LinkAce Vulnerable to Stored XSS on the Audit Page (CVE-2025-59424)
Description:LinkAce is a self-hosted archive to collect website links. Prior to 2.3.1, a Stored Cross-Site Scripting (XSS) vulnerability has been identified on the /system/audit page. The application fails to properly sanitize the username field before it is rendered in the audit log. An authenticated attacker can set a malicious JavaScript payload as their username. When an action performed by this user is recorded (e.g., generate or revoke an API token), the payload is stored in the database. The script is then executed in the browser of any user, particularly administrators, who views the /system/audit page. This vulnerability is fixed in 2.3.1.
Description
LinkAce Stored Cross-Site Scripting (XSS) on the /system/audit page
Readme
# CVE-2025-59424
LinkAce Stored Cross-Site Scripting (XSS) on the /system/audit page
File Snapshot

 [4.0K]  /data/pocs/ec8eee82adb6e621e093d9691042e44fb863b565
├── [193K]  LinkAce.STORED.XSS.Report.pdf
└── [  85]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →