Reflected XSS Vulnerability in Search Tag

[7a6163]

Version v0.12.2

I have identified a Reflected Cross-site Scripting (XSS) vulnerability that could potentially be exploited by attackers to execute malicious code within the context of a user’s web browser.

The vulnerability occurs when unsanitized user input is directly embedded into the HTML output of the search tag functionality without proper encoding or validation. This allows an attacker to craft a specially crafted URL containing malicious JavaScript code, which, when clicked by another user, will be executed within their browser, potentially leading to unauthorized access, session hijacking, or other malicious activities.

Payload：

https://demo.shaarli.org/?searchterm=&searchtags=%3C%2Ftitle%3E%3Csvg%2Fonload%3Dalert%28document.cookie%29%3E++

I want to apply for a CVE ID. I’m not sure if it’s possible.

[ArthurHoaro]

That's a good catch! Thank you for the report.
I'm going to submit a PR to fix this vulnerability. We had a CVE created a few years ago, but I'm unsure what the process is.

[7a6163]

That's a good catch! Thank you for the report. I'm going to submit a PR to fix this vulnerability. We had a CVE created a few years ago, but I'm unsure what the process is.

@ArthurHoaro I will be reporting the issue to Mitre and requesting a CVE ID. The vulnerability will be referenced, and once the patch is implemented, the CVE will be released. Thank you for the patch.

[ArthurHoaro]

https://demo.shaarli.org has been updated as well