← back
CVE-2013-7351

CVE-2013-7351

EPSS 2.2%
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
Affected products
Shaarli · Shaarli

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://seclists.org/oss-sec/2014/q2/1http://seclists.org/oss-sec/2014/q2/4https://exchange.xforce.ibmcloud.com/vulnerabilities/92215https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925ahttps://github.com/sebsauvage/Shaarli/issues/134