CVE-2017-15215

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-15215

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-15215.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2017-15215

Published

2017-10-11T01:32:55Z

Modified

2025-04-20T01:37:25Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.

References

Affected packages

Git / github.com/shaarli/shaarli

Affected ranges

Type: GIT
Repo: https://github.com/shaarli/shaarli
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1ea88ae7d1b7fb13e18f543e7c2ad99c4ccde19a