QwikSec

Security Database

CVE

CWE

Training

CVE-2013-7351

Published: Jan 2, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.

Vendor	Product	Versions
Shaarli	Shaarli	affected `before 53da201749f8f362323ef278bf338f1d9f7a925a`

References

https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a

x_refsource_CONFIRM

https://github.com/sebsauvage/Shaarli/issues/134

x_refsource_CONFIRM

http://seclists.org/oss-sec/2014/q2/1

x_refsource_MISC

http://seclists.org/oss-sec/2014/q2/4

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/92215

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.