Unrated severityOSV Advisory· Published Jan 26, 2026· Updated Jan 27, 2026
Shaarli vulnerable to stored XSS via Suggested Tags
CVE-2026-24476
Description
Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the <input> tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063mitrex_refsource_MISC
- github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pgmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.