CVE-2013-7351

NameCVE-2013-7351
DescriptionMultiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs743252

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
shaarli (PTS)bookworm0.12.1+dfsg-8fixed
sid, trixie0.13.0+dfsg-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
shaarlisource(unstable)0.0.41~beta~dfsg2-4743252

Notes

https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
Search for package or bug name: Reporting problems