CVE-2026-24476
Shaarli (personal bookmarking service) is affected by CVE-2026-24476 prior to version 0.16.0. A malicious tag beginning with a double quote (") prematurely ends the start-page input tag and injects arbitrary HTML, enabling a possible XSS. The issue is fixed in version 0.16.0. Public references in...