Source: shaarli Version: 0.14.0+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for shaarli. CVE-2025-55291[0]: | Shaarli is a minimalist bookmark manager and link sharing service. | Prior to 0.15.0, the input string in the cloud tag page is not | properly sanitized. This allows the </title> tag to be prematurely | closed, leading to a reflected Cross-Site Scripting (XSS) | vulnerability. This vulnerability is fixed in 0.15.0. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2025-55291 https://www.cve.org/CVERecord?id=CVE-2025-55291 [1] https://github.com/shaarli/Shaarli/security/advisories/GHSA-7w7w-pw4j-265h [2] https://github.com/shaarli/Shaarli/commit/66faa61335a6e72184be64092ff1242ffa4fe5b6 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
