CVE-2017-15215

{"id": "CVE-2017-15215", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2017-10-11T01:32:55.317", "references": [{"url": "http://openwall.com/lists/oss-security/2017/10/07/2", "tags": ["Mailing List", "Patch", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/shaarli/Shaarli/pull/987", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://openwall.com/lists/oss-security/2017/10/07/2", "tags": ["Mailing List", "Patch", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/shaarli/Shaarli/pull/987", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/shaarli/Shaarli/releases/tag/v0.9.2", "tags": ["Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global settings or add/delete links. It is also possible to execute JavaScript against unauthenticated users."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) reflejado permite que un atacante sin identificar inyecte JavaScript mediante el par\u00e1metro searchtags en index.php. Si la v\u00edctima es un administrador, un atacante puede (por ejemplo) tomar el control de la sesi\u00f3n de administrador o cambiar configuraciones globales o a\u00f1adir/borrar enlaces. Tambi\u00e9n es posible ejecutar JavaScript contra usuarios sin autenticar."}], "lastModified": "2025-04-20T01:37:25.860", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:shaarli_project:shaarli:0.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8064EA18-3EAA-45D1-81EC-B7C52DD85D63"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}