VYPR

Shaarli

by Shaarli

CVEs (9)

  • CVE-2017-15215 Med Oct 11, 2017
    risk 0.40 cvss 6.1 epss 0.01

    Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete…

  • CVE-2025-55291 High Aug 18, 2025
    risk 0.39 cvss 7.1 epss 0.00

    Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This…

  • CVE-2026-48821 Jun 17, 2026
    risk 0.00 cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting (XSS) vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX…

  • CVE-2026-48823 Jun 17, 2026
    risk 0.00 cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark…

  • CVE-2026-48822 Jun 17, 2026
    risk 0.00 cvss epss 0.00

    Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a…

  • CVE-2026-24476 Jan 26, 2026
    risk 0.00 cvss epss 0.00

    Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag that starts with `"` prematurely ends the `` tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue.

  • CVE-2023-49469 Dec 28, 2023
    risk 0.00 cvss epss 0.01

    Reflected Cross-Site Scripting (XSS) vulnerability in Shaarli v0.12.2 allows remote attackers to execute arbitrary code via the search tag function.

  • CVE-2013-7351 Jan 2, 2020
    risk 0.00 cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors…

  • CVE-2018-5249 Med Jan 5, 2018
    risk 0.00 cvss 6.1 epss 0.01

    Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).