CVE-2013-7351
N/A
N/A
Summary
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Shaarli | Shaarli | before 53da201749f8f362323ef278bf338f1d9f7a925a | affected |
Weaknesses
- Cross-Site Scripting
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
- https://github.com/sebsauvage/Shaarli/issues/134
- http://seclists.org/oss-sec/2014/q2/1
- http://seclists.org/oss-sec/2014/q2/4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92215
References
- https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
- https://github.com/sebsauvage/Shaarli/issues/134
- http://seclists.org/oss-sec/2014/q2/1
- http://seclists.org/oss-sec/2014/q2/4
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92215
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.