PT-2018-16838 · Shaarli · Shaarli

Virtualtam

Published

2018-01-05

Updated

2018-01-17

CVE-2018-5249

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.8.5 Shaarli versions 0.9.x prior to 0.9.3

Description The issue allows remote attackers to inject arbitrary code via the login form's username field, which is passed to the ban canLogin function in index.php. This enables attackers to execute malicious scripts on the client-side.

Recommendations For versions prior to 0.8.5, update to version 0.8.5 or later. For versions 0.9.x prior to 0.9.3, update to version 0.9.3 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-5249

Affected Products

Shaarli

PT-2018-16838 · Shaarli · Shaarli

CVE-2018-5249

Weakness Enumeration

Related Identifiers

Affected Products

References · 5