CVE Daily

CVE-2025-55291

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15...

High CVSS 7.1

Overview

Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the </title> tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This vulnerability is fixed in 0.15.0.

CWE: CWE-79 Published: 2025-08-18T17:15:31.243
Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.1 (HIGH)
  • Detected tags: xss (tag impact: MODERATE)

Recommended actions:

  • Apply context-aware output encoding.
  • Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags