Reflected XSS Vulnerability in Shaarli Bookmark Manager
CVE-2025-55291

7.1HIGH

Key Information:

Vendor: Shaarli
Status: Shaarli
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-55291?

The Shaarli Bookmark Manager, prior to version 0.15.0, contains a vulnerability due to improper input sanitization on the cloud tag page. This flaw allows attackers to exploit the application by causing the tag to close prematurely, leading to reflected Cross-Site Scripting (XSS). Attackers could inject malicious scripts into the web application, potentially compromising user data and session integrity. Users are strongly advised to update to version 0.15.0 or later to mitigate this risk.

Affected Version(s)

Shaarli < 0.15.0

References

https://github.com/shaarli/Shaarli/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/shaarli/Shaarli/commit/66faa61335a6e72...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Aug 12, 2025