Medium severity 6.1 · NVD Advisory · Published Oct 11, 2017 · Updated May 13, 2026
CVE-2017-15215
Description
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Affected products
- cpe:2.3:a:shaarli_project:shaarli:0.9.1:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- openwall.com/lists/oss-security/2017/10/07/2 (nvd: Mailing List, Patch, Third Party Advisory, VDB Entry)
- github.com/shaarli/Shaarli/pull/987 (nvd: Third Party Advisory)
- github.com/shaarli/Shaarli/releases/tag/v0.9.2 (nvd: Release Notes, Third Party Advisory)