CVE-2017-15215

medium

Description

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.

References

Advisories

https://github.com/shaarli/Shaarli/releases/tag/v0.9.2

https://github.com/shaarli/Shaarli/pull/987

http://openwall.com/lists/oss-security/2017/10/07/2

Details

Source: Mitre, NVD

Published: 2017-10-11

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01038