Unrated severityOSV Advisory· Published Jan 26, 2026· Updated Jan 27, 2026
Shaarli vulnerable to stored XSS via Suggested Tags
CVE-2026-24476
Description
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the `` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063mitrex_refsource_MISC
- github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pgmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.