oss-sec mailing list archives
Re: Reflected XSS vulnerability in Shaarli v0.9.1
From: chbi () chbi eu
Date: Tue, 10 Oct 2017 19:54:53 +0200
A reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) takeover the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users. Fix: https://github.com/shaarli/Shaarli/pull/987
CVE-2017-15215 has been assigned. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215 -- chbi https://chbi.eu GPG: 3DE9 9187 4BE9 EAE6 3CA8 DC20 BA7B 93F9 9037 AE7E https://chbi.eu/chbi.asc
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 07)
- Re: Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 10)