Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: shaarli

Found 2 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2013-7351
created 2 months ago
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow …

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

Affected products

Shaarli
  • ==before 53da201749f8f362323ef278bf338f1d9f7a925a

Matching in nixpkgs

pkgs.shaarli

Personal, minimalist, super-fast, database free, bookmarking service

Package maintainers

Untriaged
Permalink CVE-2026-24476
created 2 months, 3 weeks ago
Shaarli vulnerable to stored XSS via Suggested Tags

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.

Affected products

Shaarli
  • ==< 0.16.0

Matching in nixpkgs

pkgs.shaarli

Personal, minimalist, super-fast, database free, bookmarking service

Package maintainers