CVE-2013-7351

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-7351

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-7351.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2013-7351

Downstream

DEBIAN-CVE-2013-7351

Published

2020-01-02T20:15:15Z

Modified

2025-08-09T20:01:27Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

References

http://seclists.org/oss-sec/2014/q2/1
http://seclists.org/oss-sec/2014/q2/4
https://exchange.xforce.ibmcloud.com/vulnerabilities/92215
https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
https://github.com/sebsauvage/Shaarli/issues/134

CVE-2013-7351

Affected packages