CVE-2026-24476

Опубликовано: 26 янв. 2026

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the <input> tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.

Ссылки

https://github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063
Patch
https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:shaarli_project:shaarli:*:*:*:*:*:*:*:*

Версия до 0.16.0 (исключая)

EPSS

Процентиль: 8%

0.00027

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2026-24476

CVSS3: 5.4

ubuntu

2 месяца назад

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.

CVE-2026-24476

CVSS3: 5.4

debian

2 месяца назад

Shaarli is a personal bookmarking service. Prior to version 0.16.0, cr ...

EPSS

Процентиль: 8%

0.00027

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79