LinkStackOrg LinkStack UserController.php editPage cross site scripting_CVE-2026-7501

5.1 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

Description

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through a pull request but has not reacted yet.

Basic Information

ID CVE-2026-7501

Source VulDB

Published Apr 30, 2026 at 20:45

Affected Product

Vendor LinkStackOrg

Product LinkStack

Version 4.8.0

Affected Versions LinkStackOrg LinkStack 4.8.0
LinkStackOrg LinkStack 4.8.1
LinkStackOrg LinkStack 4.8.2
LinkStackOrg LinkStack 4.8.3
LinkStackOrg LinkStack 4.8.4
LinkStackOrg LinkStack 4.8.5
LinkStackOrg LinkStack 4.8.6

CWE Classification

CWE-79 CWE-94

References

{
    "lastseen": "",
    "description": "A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through a pull request but has not reacted yet.",
    "published": "2026-04-30T20:45:12.021Z",
    "modified": "2026-04-30T20:45:12.021Z",
    "type": "cve",
    "title": "LinkStackOrg LinkStack UserController.php editPage cross site scripting",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/360311\nhttps://vuldb.com/vuln/360311/cti\nhttps://vuldb.com/submit/801651\nhttps://github.com/LinkStackOrg/LinkStack/pull/974\nhttps://github.com/az10b/security-advisories/blob/main/stored_xss_linkstack.md\nhttps://github.com/LinkStackOrg/LinkStack/",
    "id": "CVE-2026-7501",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79",
        "CWE-94"
    ],
    "cvelist": null,
    "sourceData": "LinkStackOrg LinkStack 4.8.0\nLinkStackOrg LinkStack 4.8.1\nLinkStackOrg LinkStack 4.8.2\nLinkStackOrg LinkStack 4.8.3\nLinkStackOrg LinkStack 4.8.4\nLinkStackOrg LinkStack 4.8.5\nLinkStackOrg LinkStack 4.8.6",
    "sourceHref": "",
    "cvss": {
        "score": 5.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LinkStack",
    "version": "4.8.0",
    "vendor": "LinkStackOrg",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}