CVE-2017-15215

Name of the Vulnerable Software and Affected Versions Shaarli version 0.9.1

Description The issue allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to "index.php". If the victim is an administrator, an attacker can take over the admin session, change global settings, or add/delete links. It is also possible to execute JavaScript against unauthenticated users.

Recommendations For Shaarli version 0.9.1, consider restricting access to the "index.php" endpoint or avoiding the use of the searchtags parameter until a fix is available. As a temporary workaround, restrict the ability to inject JavaScript code to minimize the risk of exploitation.