CVE-2023-6646

Source
https://cve.org/CVERecord?id=CVE-2023-6646
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6646.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-6646
Published
2023-12-09T21:31:03.919Z
Modified
2026-07-15T01:48:56.521602883Z
Severity
  • 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N CVSS Calculator
Summary
linkding cross site scripting
Details

A vulnerability classified as problematic has been found in linkding 1.23.0. Affected is an unknown function. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.23.1 is able to address this issue. It is recommended to upgrade the affected component. VDB-247338 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early, responded in a very professional manner and immediately released a fixed version of the affected product.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/6xxx/CVE-2023-6646.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/sissbruecker/linkding

Affected ranges

Type
GIT
Repo
https://github.com/sissbruecker/linkding
Events
Database specific
{
    "cpe": "cpe:2.3:a:sissbruecker:linkding:1.23.0:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.23.0"
        },
        {
            "last_affected": "1.23.0"
        }
    ],
    "source": [
        "CPE_STRING",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.23.0
v1.*
v1.23.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6646.json"