VYPR
Unrated severityOSV Advisory· Published Jan 26, 2026· Updated Jan 27, 2026

Shaarli vulnerable to stored XSS via Suggested Tags

CVE-2026-24476

Description

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the `` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Shaarli/ShaarliOSV2 versions
    0.5.3, help, v0.0.40beta, …+ 1 more
    • (no CPE)range: 0.5.3, help, v0.0.40beta, …
    • (no CPE)range: <0.16.0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.