CWE-64
AllowedWindows Shortcut Following (.LNK)
Abstraction: Variant · Status: Incomplete
The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
22 vulnerabilities reference this CWE, most recent first.
GHSA-2PQJ-H3VJ-PQGW
Vulnerability from github – Published: 2020-09-01 16:41 – Updated: 2023-06-26 17:03Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.
Proof of Concept
$("#log").html(
$("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html()
);
Recommendation
Update to version 1.9.0 or later.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "npm",
"name": "jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "Maven",
"name": "org.webjars.npm:jquery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.8.3"
},
"package": {
"ecosystem": "NuGet",
"name": "jQuery"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "jquery-rails"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-6708"
],
"database_specific": {
"cwe_ids": [
"CWE-64",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-08-31T18:19:31Z",
"nvd_published_at": "2018-01-18T23:29:00Z",
"severity": "MODERATE"
},
"details": "Affected versions of `jquery` are vulnerable to cross-site scripting. This occurs because the main `jquery` function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that `jquery` may interpret HTML as selectors when given certain inputs, allowing for client side code execution.\n\n## Proof of Concept\n```\n$(\"#log\").html(\n $(\"element[attribute=\u0027\u003cimg src=\\\"x\\\" onerror=\\\"alert(1)\\\" /\u003e\u0027]\").html()\n);\n```\n\n\n\n\n## Recommendation\n\nUpdate to version 1.9.0 or later.",
"id": "GHSA-2pqj-h3vj-pqgw",
"modified": "2023-06-26T17:03:57Z",
"published": "2020-09-01T16:41:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16011"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6708"
},
{
"type": "WEB",
"url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227132049/http://www.securityfocus.com/bid/102792"
},
{
"type": "WEB",
"url": "https://snyk.io/vuln/npm:jquery:20120206"
},
{
"type": "WEB",
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-JQUERY-450223"
},
{
"type": "WEB",
"url": "https://research.insecurelabs.org/jquery/test"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"type": "WEB",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2012-6708.yml"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v2.2.0/vendor/assets/javascripts/jquery.js#L67"
},
{
"type": "WEB",
"url": "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L59"
},
{
"type": "PACKAGE",
"url": "https://github.com/jquery/jquery"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/9521"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/6429"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/12531"
},
{
"type": "WEB",
"url": "https://bugs.jquery.com/ticket/11290"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/161972/Linksys-EA7500-2.0.8.194281-Cross-Site-Scripting.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-Site Scripting in jquery"
}
GHSA-5HF3-34GJ-8W5G
Vulnerability from github – Published: 2022-05-24 17:45 – Updated: 2022-05-24 17:45The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.
{
"affected": [],
"aliases": [
"CVE-2021-1492"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-25T15:15:00Z",
"severity": "HIGH"
},
"details": "The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.",
"id": "GHSA-5hf3-34gj-8w5g",
"modified": "2022-05-24T17:45:21Z",
"published": "2022-05-24T17:45:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1492"
},
{
"type": "WEB",
"url": "https://help.duo.com/s/article/6789"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5P26-HW7F-3CPR
Vulnerability from github – Published: 2019-02-07 18:14 – Updated: 2023-09-12 20:39All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "html-pages"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-16481"
],
"database_specific": {
"cwe_ids": [
"CWE-64",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:16:48Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "All versions of `html-pages` are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim\u0027s browser through folders with names containing malicious code.\n\n\n## Recommendation\n\nNo fix is currently available. Consider using an alternative package until a fix is made available.",
"id": "GHSA-5p26-hw7f-3cpr",
"modified": "2023-09-12T20:39:48Z",
"published": "2019-02-07T18:14:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16481"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/330356"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1001"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-Site Scripting in html-pages"
}
GHSA-87MG-H5R3-HW88
Vulnerability from github – Published: 2019-05-30 17:23 – Updated: 2021-09-16 21:01All version of bootbox are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.
Recommendation
Sanitize user input being passed to bootbox or consider using an alternative package.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "bootbox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.5.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-64",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2019-05-30T17:22:56Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "All version of `bootbox` are vulnerable to Cross-Site Scripting. The package does not sanitize user input in the provided dialog boxes, allowing attackers to inject HTML code and execute arbitrary JavaScript.\n\n\n## Recommendation\n\nSanitize user input being passed to `bootbox` or consider using an alternative package.",
"id": "GHSA-87mg-h5r3-hw88",
"modified": "2021-09-16T21:01:13Z",
"published": "2019-05-30T17:23:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/makeusabrew/bootbox/issues/661"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/508446"
},
{
"type": "PACKAGE",
"url": "https://github.com/makeusabrew/bootbox"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/882"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Cross-Site Scripting in bootbox"
}
GHSA-8QP3-9598-WCP2
Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
{
"affected": [],
"aliases": [
"CVE-2025-49385"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T21:15:39Z",
"severity": "HIGH"
},
"details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
"id": "GHSA-8qp3-9598-wcp2",
"modified": "2025-06-17T21:32:31Z",
"published": "2025-06-17T21:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49385"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-18461"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-C77F-4RGJ-JFR4
Vulnerability from github – Published: 2021-09-15 20:23 – Updated: 2023-12-07 23:44Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/beego/beego/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-39391"
],
"database_specific": {
"cwe_ids": [
"CWE-64",
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2021-09-15T18:12:59Z",
"nvd_published_at": "2021-09-14T18:15:00Z",
"severity": "MODERATE"
},
"details": "Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the \"Request Statistics\" page.",
"id": "GHSA-c77f-4rgj-jfr4",
"modified": "2023-12-07T23:44:35Z",
"published": "2021-09-15T20:23:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39391"
},
{
"type": "WEB",
"url": "https://github.com/beego/beego/issues/4727"
},
{
"type": "PACKAGE",
"url": "https://github.com/beego/beego"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Cross-site Scripting in Beego"
}
GHSA-C8JV-WC89-VQF7
Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.
{
"affected": [],
"aliases": [
"CVE-2025-48443"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T21:15:38Z",
"severity": "MODERATE"
},
"details": "Trend Micro Password Manager (Consumer) version 5.0.0.1266 and below is vulnerable to a Link Following Local Privilege Escalation Vulnerability that could allow a local attacker to leverage this vulnerability to delete files in the context of an administrator when the administrator installs Trend Micro Password Manager.",
"id": "GHSA-c8jv-wc89-vqf7",
"modified": "2025-06-17T21:32:31Z",
"published": "2025-06-17T21:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48443"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-12917"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-361"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-F8GC-2MMP-FJWC
Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-07-10 21:31Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
{
"affected": [],
"aliases": [
"CVE-2025-52521"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T19:15:25Z",
"severity": "HIGH"
},
"details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
"id": "GHSA-f8gc-2mmp-fjwc",
"modified": "2025-07-10T21:31:52Z",
"published": "2025-07-10T21:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52521"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-18876"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-25-585"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HG4C-7PQX-8677
Vulnerability from github – Published: 2025-07-10 21:31 – Updated: 2025-07-10 21:31Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
{
"affected": [],
"aliases": [
"CVE-2025-53503"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T19:15:26Z",
"severity": "HIGH"
},
"details": "Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
"id": "GHSA-hg4c-7pqx-8677",
"modified": "2025-07-10T21:31:52Z",
"published": "2025-07-10T21:31:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53503"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/tmka-12951"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-M8CC-RRMC-GM24
Vulnerability from github – Published: 2025-06-17 21:32 – Updated: 2025-06-17 21:32Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
{
"affected": [],
"aliases": [
"CVE-2025-49384"
],
"database_specific": {
"cwe_ids": [
"CWE-64"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-17T21:15:39Z",
"severity": "HIGH"
},
"details": "Trend Micro Security 17.8 (Consumer) is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.",
"id": "GHSA-m8cc-rrmc-gm24",
"modified": "2025-06-17T21:32:31Z",
"published": "2025-06-17T21:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49384"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-11112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
No CAPEC attack patterns related to this CWE.