ByteOS Network

Shaarli

Source -

CNA

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-55291

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-7.1||HIGH

EPSS-0.02% / 3.74%

7 Day CHG~0.00%

Published-18 Aug, 2025 | 17:06

Updated-18 Aug, 2025 | 20:16

Shaarli allows reflected XSS via searchtags parameter

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is fixed in 0.15.0.

Vendor-shaarli

Product-Shaarli

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE ID-CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE ID-CWE-87

Improper Neutralization of Alternate XSS Syntax

CVE-2013-7351

Assigner-Debian GNU/Linux

View Details

Assigner-Debian GNU/Linux

CVSS Score-6.1||MEDIUM

EPSS-0.96% / 75.53%

7 Day CHG~0.00%

Published-02 Jan, 2020 | 19:42

Updated-06 Aug, 2024 | 18:01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

Vendor-shaarli_project Shaarli

Product-shaarli Shaarli

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')