QwikSec

Security Database

CVE

CWE

Training

CVE-2026-24476

Published: Jan 26, 2026

Modified: Jan 27, 2026

PUBLISHED

Description

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with `"` prematurely ends the `<input>` tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue.

Vendor	Product	Versions
shaarli	Shaarli	affected `< 0.16.0`

Weaknesses (CWE)

References

https://github.com/shaarli/Shaarli/security/advisories/GHSA-g3xq-mj52-f8pg

x_refsource_CONFIRM

https://github.com/shaarli/Shaarli/commit/b854c789289c4b0dfbb7c1e5793bae7d8f94e063

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.