CVE-2023-6646

Summary

CVE-2023-6646 is a newly disclosed vulnerability affecting Linkding version 1.23.0. An unknown function in the software is the culprit, allowing attackers to execute cross-site scripting (XSS) attacks. Manipulation of the argument 'q' triggers the vulnerability, enabling remote exploitation. The exploit has been made public, increasing the risk of attacks. To mitigate this issue, it is recommended to upgrade to version 1.23.1, which has been released by the vendor to address the problem. The vulnerability has been assigned identifier VDB-247338. The vendor responded promptly to the disclosure and released a fixed version, demonstrating a professional approach to security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.