CVE-2017-15215
CVE-2017-15215 is a vulnerability of currently unknown severity. Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Shaarli Project | Shaarli | 0.9.1 |
References
- http://openwall.com/lists/oss-security/2017/10/07/2 (Mailing List, Patch, Third Party Advisory, VDB Entry)
- https://github.com/shaarli/Shaarli/pull/987 (Third Party Advisory)
- https://github.com/shaarli/Shaarli/releases/tag/v0.9.2 (Release Notes, Third Party Advisory)
Source: NVD / NIST
