Shaarli Project : Security Vulnerabilities, CVEs,

CVE-2023-49469

Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function.
Max CVSS
6.1
EPSS Score
0.08%
Published
2023-12-28
Updated
2024-01-04

CVE-2018-5249

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).
Max CVSS
6.1
EPSS Score
0.13%
Published
2018-01-05
Updated
2018-01-17

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Max CVSS
6.1
EPSS Score
0.12%
Published
2017-10-11
Updated
2017-10-27

CVE-2013-7351

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
Max CVSS
6.1
EPSS Score
1.07%
Published
2020-01-02
Updated
2020-01-09
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close