Browse all 3 CVE security advisories affecting shaarli. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Shaarli is a self-hosted personal bookmarking service designed for organizing and sharing links. Historically, it has been vulnerable to cross-site scripting (XSS) and remote code execution (RCE) due to improper input validation and insecure file handling. Privilege escalation risks have also been identified through misconfigured access controls. While no major public security incidents have been widely documented, the three CVEs highlight recurring issues in sanitizing user inputs and managing file permissions. The application's lightweight nature and minimal dependencies reduce its attack surface compared to more complex platforms, but continued vigilance is required to address emerging vulnerabilities in its core functionality.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-24476 | Shaarli vulnerable to stored XSS via Suggested Tags — ShaarliCWE-79 | 6.1AI | MediumAI | 2026-01-26 |
| CVE-2025-55291 | Shaarli allows reflected XSS via searchtags parameter — ShaarliCWE-80 | 7.1 | High | 2025-08-18 |
| CVE-2013-7351 | Shaarli 跨站脚本漏洞 — Shaarli | 6.1 | - | 2020-01-02 |
This page lists every published CVE security advisory associated with shaarli. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.