Nixpkgs Security Tracker

Suggestions search

With package: shaarli

Found 2 matching suggestions

Untriaged
created 2 days, 21 hours ago
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

Affected products

Shaarli
  • ==before 53da201749f8f362323ef278bf338f1d9f7a925a

Matching in nixpkgs

Package maintainers

Published
updated 3 weeks, 4 days ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Shaarli vulnerable to stored XSS via Suggested Tags

Shaarli is a personal bookmarking service. Prior to version 0.16.0, a crafted malicious tag starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary HTML, leading to a possible XSS attack. Version 0.16.0 fixes the issue.

Affected products

Shaarli
  • ==< 0.16.0

Matching in nixpkgs

pkgs.shaarli

Personal, minimalist, super-fast, database free, bookmarking service

Package maintainers

Upstream advisory: https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
Upstream patch: https://github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063