Links Security Vulnerabilities

CVE-2024-29770

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pretty Links Shortlinks by Pretty Links allows Reflected XSS.This issue affects Shortlinks by Pretty Links: from n/a through...

CVE-2022-47149

Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0...

CVE-2023-26537

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nicolly WP No External Links plugin <= 1.0.2...

CVE-2023-22720

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Robert Macchi WP Links Page plugin <= 4.9.3...

CVE-2022-1095

The Mihdan: No External Links WordPress plugin before 5.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2017-15863

Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin before 3.5.19 for WordPress via the date1 or date2 parameter to...

CVE-2005-3697

Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in...

CVE-2022-3135

The SEO Smart Links WordPress plugin through 3.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2022-1759

The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and...

CVE-2015-9495

The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor...

CVE-2016-4833

Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2015-5497

Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified...

CVE-2015-4388

Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search...

CVE-2014-6294

Cross-site scripting (XSS) vulnerability in the External links click statistics (outstats) extension 0.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2014-4537

Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the Keyword Strategy Internal Links plugin 2.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) sort, (2) search, or (3) dir...

CVE-2008-6033

SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id...

CVE-2008-6031

SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: it was later reported that 2.34 is also...

CVE-2008-2529

SQL injection vulnerability in read.php in Advanced Links Management (ALM) 1.5.2 allows remote attackers to execute arbitrary SQL commands via the catId...

CVE-2007-5598

Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2007-3981

SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat...

CVE-2007-2373

SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) 1.03 and earlier module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid...

CVE-2006-5925

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET...

CVE-2004-1616

Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by...

CVE-2002-1405

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace...