Vulnerability Details CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://openwall.com/lists/oss-security/2017/10/07/2
- https://github.com/shaarli/Shaarli/pull/987
- https://github.com/shaarli/Shaarli/releases/tag/v0.9.2
- http://openwall.com/lists/oss-security/2017/10/07/2
- https://github.com/shaarli/Shaarli/pull/987
- https://github.com/shaarli/Shaarli/releases/tag/v0.9.2
Products affected by CVE-2017-15215
-
cpe:2.3:a:shaarli_project:shaarli:0.9.1