CVE-2017-15215

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2017-15215
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15215.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-15215
Published
2017-10-11T01:32:55.317Z
Modified
2026-04-10T03:58:44.622004Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.

References

Affected packages

Git / github.com/shaarli/shaarli

Affected ranges

Type
GIT
Repo
https://github.com/shaarli/shaarli
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
1ea88ae7d1b7fb13e18f543e7c2ad99c4ccde19a
Fixed
ecccb14e2ab4e5f372ea9946b29995c3c7122a5c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.9.1"
        }
    ]
}

Affected versions

0.*
0.5.3
Other
help
v0.*
v0.0.40beta
v0.0.41beta
v0.0.42beta
v0.0.43beta
v0.0.44beta
v0.0.45beta
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.8.0
v0.8.1
v0.9.0
v0.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15215.json"