oss-sec mailing list archives

Re: Reflected XSS vulnerability in Shaarli v0.9.1

From: chbi () chbi eu
Date: Tue, 10 Oct 2017 19:54:53 +0200

A reflected XSS vulnerability in Shaarli v0.9.1 allows an
unauthenticated attacker to inject JavaScript. If the victim is an
administrator, an attacker can (for example) takeover the admin session
or change global settings or add/delete links. It is also possible to
execute JavaScript against unauthenticated users.

Fix:
https://github.com/shaarli/Shaarli/pull/987


CVE-2017-15215 has been assigned.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15215


-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 07)
- Re: Reflected XSS vulnerability in Shaarli v0.9.1 chbi (Oct 10)