Browse all 4 CVE security advisories affecting LinkStackOrg. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Linkstackorg operates as a link-in-bio platform enabling users to consolidate multiple URLs into a single customizable landing page. Historically, the service has been susceptible to cross-site scripting (XSS) and remote code execution vulnerabilities, often stemming from improper input validation and insecure API endpoints. While no major public security incidents have been documented, the four recorded CVEs highlight recurring issues in sanitizing user-generated content and managing access controls. The platform's security posture appears typical for web-based services, with vulnerabilities primarily centered around client-side injection flaws and insufficient server-side protections against unauthorized access.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7502 | LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization — LinkStackCWE-639 | 5.4 | Medium | 2026-04-30 |
| CVE-2026-7501 | LinkStackOrg LinkStack UserController.php editPage cross site scripting — LinkStackCWE-79 | 3.5 | Low | 2026-04-30 |
| CVE-2023-5838 | Insufficient Session Expiration in linkstackorg/linkstack — linkstackorg/linkstackCWE-613 | 9.4 | - | 2023-10-29 |
| CVE-2023-5840 | Weak Password Recovery Mechanism for Forgotten Password in linkstackorg/linkstack — linkstackorg/linkstackCWE-640 | 9.8 | - | 2023-10-29 |
This page lists every published CVE security advisory associated with LinkStackOrg. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.