CVE-2018-5249

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-5249
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5249.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-5249
Published
2018-01-05T20:29:00.220Z
Modified
2026-04-10T04:10:53.120662Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).

References

Affected packages

Git / github.com/shaarli/shaarli

Affected ranges

Type
GIT
Repo
https://github.com/shaarli/shaarli
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9cd0df4d07599e8f0406c5cd867ebd01edc03846
Introduced
54c8e8d2998c5ab5ffd08ae8f1fa11276773c16c
Fixed
cb9b87eb1ca015b0fdb03a223e2df190cb53cf05
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.8.5"
        },
        {
            "introduced": "0.9.0"
        },
        {
            "fixed": "0.9.3"
        }
    ]
}

Affected versions

0.*
0.5.3
v0.*
v0.0.40beta
v0.0.41beta
v0.0.42beta
v0.0.43beta
v0.0.44beta
v0.0.45beta
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.5
v0.7.0
v0.8.0
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-5249.json"