Shaarli
cpe:2.3:a:shaarli_project:shaarli:*:*:*:*:*:*:*
- <= 0.15.0
A stored cross-site scripting (XSS) vulnerability has been identified in Shaarli versions prior to 0.16.0. The issue arises from the tag input feature, where a malicious tag starting with a quotation mark can prematurely close the input tag. This flaw allows an attacker to inject arbitrary HTML, potentially leading to an XSS attack. The vulnerability can be exploited by crafting a specific tag and importing it through a Netscape-style bookmarks file, which triggers the XSS payload.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
To reproduce this vulnerability, create a tag that begins with a quotation mark and includes HTML elements, such as a line break and a script tag with an alert command. Import this tag into Shaarli, which will inject the HTML into the tag suggestion input on the 'add link' admin page. The injected script will execute an alert, demonstrating the XSS vulnerability.
Users can upgrade to Shaarli version 0.16.0 or later, where this vulnerability has been fixed.
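For instances that cannot be upgraded immediately, the following added example (not Shaarli's code, and not part of the original advisory) screens a Netscape-style bookmarks file for tags that could break out of an HTML attribute, and contrasts unescaped and escaped rendering of a tag value. The comma-separated `TAGS` attribute, the simplified `<input>` markup and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Characters that let a value close an HTML attribute or open new markup.
RISKY = set('"\'<>')

class TagCollector(HTMLParser):
    """Collect (href, tag) pairs from <A HREF=... TAGS="a,b"> entries."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, name, attrs):
        if name != "a":
            return
        attrs = dict(attrs)  # names are lowercased, values entity-decoded
        for tag in (attrs.get("tags") or "").split(","):
            if tag.strip():
                self.found.append((attrs.get("href") or "", tag.strip()))

def suspicious_tags(bookmarks_html):
    """Return (href, tag) pairs whose tag contains attribute-breaking characters."""
    parser = TagCollector()
    parser.feed(bookmarks_html)
    parser.close()
    return [(href, tag) for href, tag in parser.found if RISKY & set(tag)]

def render_unsafe(tag):
    # Models the flaw: the tag is placed in the attribute without escaping.
    return '<input type="text" name="tags" value="%s">' % tag

def render_safe(tag):
    # Attribute-context escaping keeps quotes and angle brackets inert.
    return '<input type="text" name="tags" value="%s">' % html.escape(tag, quote=True)

# Constructed sample file: one ordinary entry, one with a tag that starts
# with a quotation mark followed by a harmless line-break element.
SAMPLE = '''<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
<DT><A HREF="https://example.org/a" ADD_DATE="1700000000" TAGS="news,security">Benign</A>
<DT><A HREF="https://example.org/b" ADD_DATE="1700000001" TAGS="&quot;&gt;&lt;br&gt;marker">Constructed</A>
</DL><p>
'''

if __name__ == "__main__":
    for href, tag in suspicious_tags(SAMPLE):
        print("review before import:", href, repr(tag))
        print("  unescaped:", render_unsafe(tag))
        print("  escaped:  ", render_safe(tag))
```

The parser decodes entities in attribute values, so a quotation mark hidden as `&quot;` in the file is still caught.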