CVE-2025-55291 Shaarli allows reflected XSS via searchtags parameter

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting XSS vulnerability. This vulnerability is fixed in 0.15.0...

Shaarli Cross-Site Scripting Vulnerability

Shaarli is a set of website cloning tools from the French Sebsauvage project. A cross-site scripting vulnerability exists in version 0.9.1 of Shaarli. A remote attacker can inject JavaScript code by sending the 'searchtags' parameter to the index.php file...

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

CVE-2017-15215

CVE-2017-15215 is a reflected XSS vulnerability in Shaarli v0.9.1. An unauthenticated attacker can inject JavaScript via the searchtags parameter to index.php, potentially compromising admin sessions or altering global settings if the victim is an administrator, or executing JavaScript for unauth...