Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php).
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-01-05T20:00:00

Updated: 2024-08-05T05:33:44.318Z

Reserved: 2018-01-05T00:00:00

Link: CVE-2018-5249

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-01-05T20:29:00.220

Modified: 2024-11-21T04:08:25.457

Link: CVE-2018-5249

cve-icon Redhat

No data.