CVE-2017-15215 in Shaarliinfo

Summary

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

10/10/2017

Disclosure

10/10/2017

Moderation

VulDB entry created

Entries

VDB-107672 (1)

CPE

ready

CWE

CWE-79 (Confirmed)

CVSS

5.2

EPSS

0.01038

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2017-15215
NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-15215
CVE Details	https://www.cvedetails.com/cve/CVE-2017-15215/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!