Lucene search
K

93 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48822

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion...

5.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-48823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality ...

4.8CVSS6AI score0.00115EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-48821

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer...

5.8CVSS5.8AI score0.0013EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 9:16 p.m.13 views

CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 9:16 p.m.5 views

DEBIAN-CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.3AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 9:16 p.m.7 views

UBUNTU-CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.7AI score0.0013EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 8:33 p.m.7 views

CVE-2026-48821

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a DOM-based Cross-Site Scripting XSS vulnerability in the Thumbnail Synchronizer feature. When an administrator runs the thumbnail update process, malicious bookmark titles are returned via an AJAX response and inserted...

5.8CVSS5.3AI score0.0013EPSS
Exploits0
CVE
CVE
added 2026/06/17 8:33 p.m.23 views

CVE-2026-48821

Shaarli versions ≤ 0.16.1 are affected by a DOM-based XSS in the Thumbnail Synchronizer. The ThumbnailsController::ajaxUpdate backend returns unescaped bookmark titles in JSON via an AJAX response, which are injected into the DOM by thumbnails-update.js using innerHTML. This requires an administr...

5.8CVSS5.3AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 8:17 p.m.15 views

CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS0.00115EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 8:17 p.m.6 views

DEBIAN-CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.5AI score0.00115EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 8:17 p.m.4 views

DEBIAN-CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 8:17 p.m.9 views

CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS0.0012EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 8:17 p.m.7 views

UBUNTU-CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.8AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 8:17 p.m.9 views

UBUNTU-CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.9AI score0.00115EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 8:6 p.m.8 views

CVE-2026-48823

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.4AI score0.00115EPSS
Exploits0
CVE
CVE
added 2026/06/17 8:6 p.m.17 views

CVE-2026-48823

Technical details are not publicly available in the provided documents. Monitor for updates from Shaarli advisories and releases.

4.8CVSS5.4AI score0.00115EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 8:6 p.m.24 views

CVE-2026-48823 Shaarli has Stored Cross-Site Scripting (XSS) via Tags Search

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS0.00115EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 7:59 p.m.7 views

CVE-2026-48822

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS5.4AI score0.0012EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 7:59 p.m.20 views

CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 7:59 p.m.18 views

CVE-2026-48822

Shaarli (versions ≤ 0.16.1) contains a stored XSS in the Bookmark Description field when a malicious javascript: URI is injected via Markdown reference links. The root cause is in BookmarkMarkdownFormatter.php: filterProtocols uses a regex that catches inline links but does not inspect Markdown r...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder