CVE-2026-7501 MEDIUM

CVE-2026-7501: LinkStackOrg LinkStack UserController.php editPage cross site scripting

Vendor Linkstackorg
Product LinkStack
Weakness CWE-79 · XSS
Published April 30, 2026
Last update May 1, 2026
View on NVD All CVEs

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through a pull request but has not reacted yet.

Key dates

Disclosure timeline

April 30, 2026 CVE published
May 1, 2026 Record updated