Shaarli

1 CVEs product

Monthly

CVE-2026-24476 MEDIUM POC PATCH This Month

Stored XSS in Shaarli versions before 0.16.0 allows authenticated attackers to inject malicious HTML by crafting tags that start with a double-quote character, which breaks out of input tag validation on the homepage. An attacker with login credentials can exploit this to execute arbitrary JavaScript in victims' browsers; exploitation requires victim interaction. A patch is available in version 0.16.0, and public exploit code exists.

XSS Shaarli
NVD GitHub
CVSS 3.1: 5.4
EPSS: 0.0%