Submit #801651: LinkStackOrg LinkStack 4.8.6 Improper Neutralization of Alternate XSS Syntaxinfo

TitleLinkStackOrg LinkStack 4.8.6 Improper Neutralization of Alternate XSS Syntax
DescriptionThe product does not neutralize, or incorrectly neutralizes, user-controlled input for alternate script syntax. This applies because the app blocks <script> tags via strip_tags(), but fails to neutralize alternate XSS vectors such as event handler attributes (onmouseover, onclick, etc.) on otherwise allowed tags. I have already submitted a pull request to fix the issue. https://github.com/LinkStackOrg/LinkStack/pull/974
Source⚠️ https://github.com/az10b/security-advisories/blob/main/stored_xss_linkstack.md
User
 AliAz (UID 74624)
Submission04/10/2026 06:07 (3 months ago)
Moderation04/30/2026 16:38 (20 days later)
StatusAccepted
VulDB entry360311 [LinkStackOrg LinkStack up to 4.8.6 UserController.php editPage pageDescription cross site scripting]
Points20

Do you know our Splunk app?

Download it now for free!