Common Weakness Enumeration

CWE-64

Allowed

Windows Shortcut Following (.LNK)

Abstraction: Variant · Status: Incomplete

The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

22 vulnerabilities reference this CWE, most recent first.

GHSA-2PQJ-H3VJ-PQGW

Vulnerability from github – Published: 2020-09-01 16:41 – Updated: 2023-06-26 17:03
VLAI
Summary
Cross-Site Scripting in jquery
Details

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

Proof of Concept

$("#log").html(
    $("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html()
);

Recommendation

Update to version 1.9.0 or later.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.3"
      },
      "package": {
        "ecosystem": "npm",
        "name": "jquery"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.webjars.npm:jquery"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.8.3"
      },
      "package": {
        "ecosystem": "NuGet",
        "name": "jQuery"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "jquery-rails"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.2.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-6708"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-08-31T18:19:31Z",
    "nvd_published_at": "2018-01-18T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Affected versions of `jquery` are vulnerable to cross-site scripting. This occurs because the main `jquery` function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that `jquery` may interpret HTML as selectors when given certain inputs, allowing for client side code execution.\n\n## Proof of Concept\n```\n$(\"#log\").html(\n    $(\"element[attribute=\u0027\u003cimg src=\\\"x\\\" onerror=\\\"alert(1)\\\" /\u003e\u0027]\").html()\n);\n```\n\n\n\n\n## Recommendation\n\nUpdate to version 1.9.0 or later.",
  "id": "GHSA-2pqj-h3vj-pqgw",
  "modified": "2023-06-26T17:03:57Z",
  "published": "2020-09-01T16:41:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16011"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200227132049/http://www.securityfocus.com/bid/102792"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/npm:jquery:20120206"
    },
    {
      "type": "WEB",
      "url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223"
    },
    {
      "type": "WEB",
      "url": "https://research.insecurelabs.org/jquery/test"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jquery/jquery"
    },
    {
      "type": "WEB",
      "url": "https://bugs.jquery.com/ticket/9521"
    },
    {
      "type": "WEB",
      "url": "https://bugs.jquery.com/ticket/6429"
    },
    {
      "type": "WEB",
      "url": "https://bugs.jquery.com/ticket/12531"
    },
    {
      "type": "WEB",
      "url": "https://bugs.jquery.com/ticket/11290"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-Site Scripting in jquery"
}

GHSA-5HF3-34GJ-8W5G

Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45
VLAI
Details

The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1492"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-03-25T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.",
  "id": "GHSA-5hf3-34gj-8w5g",
  "modified": "2022-05-24T17:45:21Z",
  "published": "2022-05-24T17:45:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1492"
    },
    {
      "type": "WEB",
      "url": "https://help.duo.com/s/article/6789"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-5P26-HW7F-3CPR

Vulnerability from github – Published: 2019-02-07 18:14 – Updated: 2023-09-12 20:39
VLAI
Summary
Cross-Site Scripting in html-pages
Details

All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "html-pages"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "3.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-16481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:16:48Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "All versions of `html-pages` are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim\u0027s browser through folders with names containing malicious code.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
  "id": "GHSA-5p26-hw7f-3cpr",
  "modified": "2023-09-12T20:39:48Z",
  "published": "2019-02-07T18:14:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16481"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/330356"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/1001"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-Site Scripting in html-pages"
}

GHSA-87MG-H5R3-HW88

Vulnerability from github – Published: 2019-05-30 17:23 – Updated: 2021-09-16 21:01
VLAI
Summary
Cross-Site Scripting in bootbox
Details

All version of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.

Recommendation

Sanitize user input being passed to bootbox or consider using an alternative package.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "bootbox"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "5.5.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-64",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2019-05-30T17:22:56Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "All version of `bootbox` are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.\n\n\n## Recommendation\n\nSanitize user input being passed to `bootbox` or consider using an alternative package.",
  "id": "GHSA-87mg-h5r3-hw88",
  "modified": "2021-09-16T21:01:13Z",
  "published": "2019-05-30T17:23:28Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/makeusabrew/bootbox/issues/661"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/508446"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/makeusabrew/bootbox"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/882"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Cross-Site Scripting in bootbox"
}

GHSA-8QP3-9598-WCP2

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49385"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
  "id": "GHSA-8qp3-9598-wcp2",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49385"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-18461"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-380"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-C77F-4RGJ-JFR4

Vulnerability from github – Published: 2021-09-15 20:23 – Updated: 2023-12-07 23:44
VLAI
Summary
Cross-site Scripting in Beego
Details

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/beego/beego/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-39391"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64",
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-09-15T18:12:59Z",
    "nvd_published_at": "2021-09-14T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the \"Request Statistics\" page.",
  "id": "GHSA-c77f-4rgj-jfr4",
  "modified": "2023-12-07T23:44:35Z",
  "published": "2021-09-15T20:23:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39391"
    },
    {
      "type": "WEB",
      "url": "https://github.com/beego/beego/issues/4727"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/beego/beego"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-site Scripting in Beego"
}

GHSA-C8JV-WC89-VQF7

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48443"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:38Z",
    "severity": "MODERATE"
  },
  "details": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.",
  "id": "GHSA-c8jv-wc89-vqf7",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48443"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-12917"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-361"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F8GC-2MMP-FJWC

Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-07-10 21:31
VLAI
Details

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-52521"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T19:15:25Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
  "id": "GHSA-f8gc-2mmp-fjwc",
  "modified": "2025-07-10T21:31:52Z",
  "published": "2025-07-10T21:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52521"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-18876"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-25-585"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HG4C-7PQX-8677

Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-07-10 21:31
VLAI
Details

Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-53503"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-10T19:15:26Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
  "id": "GHSA-hg4c-7pqx-8677",
  "modified": "2025-07-10T21:31:52Z",
  "published": "2025-07-10T21:31:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53503"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/tmka-12951"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-M8CC-RRMC-GM24

Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32
VLAI
Details

Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-49384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-64"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T21:15:39Z",
    "severity": "HIGH"
  },
  "details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
  "id": "GHSA-m8cc-rrmc-gm24",
  "modified": "2025-06-17T21:32:31Z",
  "published": "2025-06-17T21:32:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49384"
    },
    {
      "type": "WEB",
      "url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-11112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-48.1
Architecture and Design

Strategy: Separation of Privilege

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

No CAPEC attack patterns related to this CWE.