CVE-2025-55291
BaseFortify
Publication date: 2025-08-18
Last updated on: 2025-08-18
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| shaarli | shaarli | 0.15.0 |
| shaarli | shaarli | 0.14.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-80 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages. |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
| CWE-87 | The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55291 is a reflected Cross-Site Scripting (XSS) vulnerability in the Shaarli bookmark manager application. It occurs because the input string from the `searchtags` parameter on the cloud tag page is not properly sanitized before being included in the HTML `<title>` tag. This improper sanitization allows an attacker to inject malicious HTML or JavaScript code by prematurely closing the `<title>` tag and inserting arbitrary scripts. This vulnerability affects versions up to 0.14.0 and was fixed in version 0.15.0 by escaping the user input before rendering it in the page title. [1, 2]
How can this vulnerability impact me?
This vulnerability can allow an attacker to execute arbitrary JavaScript code in the context of other users who visit the affected page. This can lead to unauthorized actions such as stealing sensitive information, hijacking user sessions, or performing actions on behalf of the user without their consent. Since the vulnerability has a high confidentiality and integrity impact, it can compromise user data and the integrity of the application. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the `searchtags` parameter on the Shaarli cloud tag page for reflected Cross-Site Scripting (XSS). You can try accessing a URL similar to `https://your-shaarli-instance/tags/cloud?do=tagcloud&searchtags=testxss</title><img src=X onerror=alert(1)>` and observe whether the injected script executes (e.g., an alert popup). If it does, the vulnerability is present. Automated scanning tools that test for reflected XSS on parameters can also be used. There are no specific commands provided in the resources. [2]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability immediately, upgrade Shaarli to version 0.15.0 or later, where the issue is fixed by properly escaping the `searchtags` parameter before rendering it in the page title. If upgrading is not immediately possible, apply the patch that escapes the `searchtags` input in the `processRequest` method of the `TagCloudController.php` file, as shown in the fix where `escape($searchTags)` is used instead of directly concatenating the input. Additionally, consider implementing input validation and output escaping for user-supplied data to prevent reflected XSS. [1, 2]
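The following offline check is an added example illustrating the detection and mitigation answers above; it is not code from Shaarli or from this page's sources. It classifies a saved response body by how the probe value quoted above was reflected. `render_title`, its " - Tag cloud" title suffix and Python's `html.escape` are constructed stand-ins for the page template and the PHP `escape()` call.

```python
from html import escape
from html.parser import HTMLParser

# Probe value quoted in the detection answer above.
PROBE = "testxss</title><img src=X onerror=alert(1)>"


def render_title(search_tags, fixed):
    """Constructed stand-in for a page template (not Shaarli's code)."""
    # html.escape stands in for the PHP escape() call named in the fix.
    value = escape(search_tags) if fixed else search_tags
    return f"<html><head><title>{value} - Tag cloud</title></head><body></body></html>"


class HandlerAudit(HTMLParser):
    """Collects (tag, attribute) pairs for inline event handlers such as onerror."""

    def __init__(self):
        super().__init__()
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]


def classify(body, probe=PROBE):
    """Return (verdict, handlers) for a saved response body."""
    audit = HandlerAudit()
    audit.feed(body)
    audit.close()
    if probe in body:
        # Raw metacharacters survived: the value can close <title> early.
        return "reflected unescaped", audit.handlers
    if escape(probe) in body:
        # "<" and ">" arrived as entities, so the value stays title text.
        return "reflected escaped", audit.handlers
    return "not reflected", audit.handlers


if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, classify(render_title(PROBE, fixed)))
```

The handler list is supporting evidence only: a page may carry legitimate inline handlers of its own, so the verdict is decided by whether the raw or the entity-encoded probe appears in the body.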