Reflected XSS Vulnerability in Shaarli Bookmark Manager
CVE-2025-55291

7.1HIGH

Key Information:

Vendor: Shaarli
Status: Shaarli
Vendor: CVE Published:; 18 August 2025

What is CVE-2025-55291?

The Shaarli Bookmark Manager, prior to version 0.15.0, contains a vulnerability due to improper input sanitization on the cloud tag page. This flaw allows attackers to exploit the application by causing the tag to close prematurely, leading to reflected Cross-Site Scripting (XSS). Attackers could inject malicious scripts into the web application, potentially compromising user data and session integrity. Users are strongly advised to update to version 0.15.0 or later to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Shaarli < 0.15.0

References

https://github.com/shaarli/Shaarli/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/shaarli/Shaarli/commit/66faa61335a6e72...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 18, 2025
Vulnerability Reserved
Aug 12, 2025

JSON

Shaarli

What is CVE-2025-55291?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.