3 matches found
CVE-2026-48822
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...
CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links
Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...
CVE-2024-25090
Apache Roller is affected by a cross-site scripting (XSS) vulnerability due to insufficient input validation and sanitation in Profile name & screenname, Bookmark name & description, and blogroll name fields across versions 5.0.0 to 6.1.2. The issue can be exploited by an authenticated user to pe...